Summary
An issue has been identified in the IPS state engine, where under extreme load conditions, the preservation of state could be lost.
Details
Product Bulletin #: 1061
Subject: IPS State Preservation Issue
Date of Announcement: June 15, 2016
During product testing, an issue has been identified in the IPS state engine, where under extreme load conditions, the preservation of state could be lost resulting in the potential for the IPS engine to be bypassed for certain crafted attack techniques.
Affected Products
Details
The IPS utilizes a state preservation engine which tracks each flow through the device for the duration of that connection. Under extreme concurrent connection loads, as the device approaches its supported limits, some connection resources may be reclaimed. An issue has been identified where under this load condition, the IPS evasion engine can become less effective at identifying more complex types of evasion techniques.
Recommended Action
For customers who operate their IPS near its maximum concurrent connection limit, TippingPoint recommends upgrading to the latest build:
Customers are advised to plan to upgrade to the latest version of non-impacted software at their earliest convenience.
If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).
Thank you,
Trend Micro™ TippingPoint
For updated contact information, please click here.
Subject: IPS State Preservation Issue
Date of Announcement: June 15, 2016
During product testing, an issue has been identified in the IPS state engine, where under extreme load conditions, the preservation of state could be lost resulting in the potential for the IPS engine to be bypassed for certain crafted attack techniques.
Affected Products
Platform | Affected TOS Version |
TippingPoint 660N/1400N | TOS 3.8.3 build 4493 and earlier |
TippingPoint 2500N/5100N/6100N | TOS 3.8.3 build 4493 and earlier |
TippingPoint NX (all models) | TOS 3.8.3 build 4493 and earlier |
TippingPoint 10/110/330 | TOS 3.6.5 build 4124 and earlier |
TippingPoint TPS 440T/2200T | TOS 4.1.0 build 4472 and earlier |
TippingPoint vTPS Standard | TOS 4.0.1 build 4335 and earlier |
TippingPoint NGFW (all models) | TOS 1.2.2 build 4354 and earlier |
Details
The IPS utilizes a state preservation engine which tracks each flow through the device for the duration of that connection. Under extreme concurrent connection loads, as the device approaches its supported limits, some connection resources may be reclaimed. An issue has been identified where under this load condition, the IPS evasion engine can become less effective at identifying more complex types of evasion techniques.
Recommended Action
For customers who operate their IPS near its maximum concurrent connection limit, TippingPoint recommends upgrading to the latest build:
Platform | Recommended TOS Version |
TippingPoint 660N/1400N | TOS 3.8.4 build 4494 |
TippingPoint 2500N/5100N/6100N | TOS 3.8.4 build 4494 |
TippingPoint NX (all models) | TOS 3.8.4 build 4494 |
TippingPoint 10/110/330 | TOS 3.6.6 build 4140 |
TippingPoint TPS 440T/2200T | TOS 4.1.1 build 4841 |
TippingPoint vTPS Standard | To be released on or before June 21, 2016 |
TippingPoint NGFW (all models) | To be released on or before June 21, 2016 |
Customers are advised to plan to upgrade to the latest version of non-impacted software at their earliest convenience.
If you have concerns or further questions regarding this issue, contact the Trend Micro TippingPoint Technical Assistance Center (TAC).
Thank you,
Trend Micro™ TippingPoint
For updated contact information, please click here.
© Copyright 2018 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro logo, TippingPoint, the TippingPoint logo, and Digital Vaccine are trademarks or registered trademarks of Trend Micro Incorporated. TippingPoint Reg. U.S. Pat. & Tm. Off. The information is provided "as is" without warranty of any kind and is subject to change without notice. The only warranties for Trend Micro products and services are set forth in the express warranty statements accompanying such products and services. nothing herein should be construed as constituting an additional warranty. Trend Micro shall not be liable for technical or editorial errors or omissions contained herein. |