Date: Wed, 25 Apr 2007 15:00:05 -0700
From: Secure@...m.com
To: bugtraq@...urityfocus.com
Cc: mike20061005@...mail.co.za
Subject: Re: 3Com's TippingPoint Denial of Service

TippingPoint is committed to assuring the security of our customers, and 
we take all reports of potential security issues against our products very 
seriously. 

Even though this report seems less than credible, we would encourage the 
author of this "advisory" to contact us directly and provide us with 
additional details and sources to allow us to investigate this claim. 
Although there seems to be limited to no information available on how 
this apparent "Denial of Service" would be carried out, we've put our 
resources towards attempting to reproduce the issue, and all versions of 
our TOS have performed as expected with no DoS emerging. 

Again, if the poster of this advisory has additional information available 
that would allow us to successfully reproduce these claims, we would 
appreciate if it was submitted to us for investigation. 
Submissions can be made to secure@...m.com or on the web at 
www.3com.com/security.
 
Kind Regards, 
TippingPoint Security Response Team




mike20061005@...mail.co.za 
04/24/2007 02:24 PM

To: bugtraq@...urityfocus.com
cc:
Subject: 3Com's TippingPoint Denial of Service






Vulnerability:       Denial of Service
Affected Product:    3Com's TippingPoint IPS
Affected Versions:   All

Author:              Corroded_Lunchmeats_X



Issue:
======

TippingPoint IPS is prone to DoS when a sequence of crafted packets is
destined for port 80.



Details:
========

When quickly flooded with packets destined for port 80, and an incrementing
source port this causes the software to consume a huge amount of CPU time,
due to a badly written loop, causing the device to stop responding.



Credits:
========

The Kinders Kricket Krew, Aunty_Richard, The dinosaurs who died in the
explosion.



Disclaimer:
===========

This document and all the information it contains are provided "as is",
for educational purposes only, without warranty of any kind, whether
express or implied.

The authors reserve the right not to be responsible for the topicality,
correctness, completeness or quality of the information provided in
this document. Liability claims regarding damage caused by the use of
any information provided, including any kind of information which is
incomplete or incorrect, will therefore be rejected.


