Patching an IPS – 16 months!

TippingPoint Technologies released two alerts this week reporting vulnerabilities in TippingPoint IPS.

The first is a signature-evasion issue reported by Paul Craig of Security-Assessment.com.
3Com’s Alert 07-003
(CVE-2007-3701)
The second is a problem in the handling of fragmented packets.
It makes it possible to bypass the intrusion prevention system.
3Com’s Alert 07-002
(CVE-2007-3711)

But according to the disclosure timeline [pdf] of Andres Riancho, Cybsec Security Systems, the vendor was already contacted on 6th February, 2006.

The updated TOS version was released on 4th July, 2007, i.e. last week.

I’m not saying 3Com is slow when fixing vulnerabilities; I think this issue was extremely difficult to resolve. Cybsec will “disclose technical details 30 days after publication of pre-advisory”. Let’s wait!

  • Fionnbharr

    Why do you think this issue was extremely difficult to resolve if you don’t know any of the technical details? I’m happy to say that 3Com was slow when fixing these vulnerabilities :P

  • http://networksecurity.typepad.com/ Juha-Matti

    The conclusion is written here because it took several months to confirm the existence of the vulnerability too.
    But let’s wait for the official, final advisory.