3Com TippingPoint SMS Information Disclosure Vulnerability

Bugtraq ID:	17935
Class:	Access Validation Error
CVE:	CVE-2006-0993
Remote:	Yes
Local:	No
Published:	May 09 2006 12:00AM
Updated:	Sep 05 2006 10:13PM
Credit:	Micheal Cottingham is credited with the discovery of this vulnerability.
Vulnerable:	3Com TippingPoint SMS 2.2
Not Vulnerable:	3Com TippingPoint SMS 2.2.1 .4478

3Com TippingPoint SMS Information Disclosure Vulnerability

TippingPoint SMS is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to retrieve potentially sensitive information.

3Com TippingPoint SMS Information Disclosure Vulnerability

Attackers can exploit this issue via a web client.

3Com TippingPoint SMS Information Disclosure Vulnerability

Solution:
The vendor has released an update to address this issue. This update can be retrieved through the SMS device.

3Com TippingPoint SMS Information Disclosure Vulnerability

References:

• 3COM-06-002 - TippingPoint SMS Information Disclosure (3Com)
  
• TippingPoint Support Page (3Com)
  
• ZDI-06-013 - 3Com TippingPoint SMS Server Information Disclosure Vulnerability (ZDI)