TippingPoint SMS Server Authentication Bypass Vulnerability

CVE ID

CVE-2006-0993

Affected Vendors

3Com TippingPoint

Affected Products

TippingPoint SMS

Vulnerability Details

This vulnerability may allow attackers to access sensitive information from vulnerable TippingPoint SMS servers.

The specific flaw exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.

Vendor Response

This issue has been addressed in TippingPoint SMS Server release version 2.2.1.4478. Customers can obtain the update through the SMS device or by visiting http://tmc.tippingpoint.com

Disclosure Timeline

2006-01-19 - Vulnerability reported to vendor
2006-05-09 - Coordinated public release of advisory

Credit

Micheal Cottingham

Upcoming Advisories

Adobe

• reported 2009-06-26, 7 days ago

Adobe

• reported 2009-06-26, 7 days ago

RealNetworks

• reported 2009-06-25, 8 days ago

RealNetworks

• reported 2009-06-25, 8 days ago

RealNetworks

• reported 2009-06-25, 8 days ago

Recent Press

Apple patches 10 critical QuickTime bugs

• published 2009-06-02, ComputerWorld

Apple Patches QuickTime Bug That Was Hidden in ...

• published 2009-06-01, PC World

Pwn2Own hacker: Apple Safari is 'easy pickings'

• published 2009-03-03, ZDNet

Hacking contest to test iPhone's security

• published 2009-02-27, AppleInsider

Pwn2Own contest will target browsers and mobile devices

• published 2009-02-27, Ars Technica