BugTraq
Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service Aug 20 2007 08:12PM
Stuart Moore (smoore bugtraq securityglobal net) (1 replies)
RE: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service Aug 20 2007 09:21PM
Michael Bednar (MBEDNAR katz pitt edu) (1 replies)

When I tested this on my Treo over Verizon's network, only one
packet with the prescribed parameters was needed to force a soft reset
of my phone rather than the flood described in CVE-2003-0293. When I
notified Verizon of this, they were completely unaware of this
vulnerability -- well, at least their help desk people were. I'm hoping
they'll take steps to filter this kind of traffic on their network.

On a side note, when I was testing this vulnerability, I tried
varying the size of the ICMP packet. Strangely enough, I got no response
if the packet was of size 1469 bytes, or 1471 bytes. There must be
something special about 1470-byte ICMP packets. Anyone have any ideas?

Mike

--

Michael C Bednar
Katz IT Services
319 Mervis Hall
University of Pittsburgh
Pittsburgh, PA 15260

-----Original Message-----
From: Stuart Moore [mailto:smoore.bugtraq (at) securityglobal (dot) net]
Sent: Monday, August 20, 2007 16:13
To: research (at) symantec (dot) com; bugtraq (at) securityfocus (dot) com
Subject: Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

Hi. Is this fundamentally different than the previously reported PalmOS
ICMP denial of service bug (CVE-2003-0293)?

Thanks,

Stuart

Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service Aug 21 2007 04:51PM
Tuc at T-B-O-H.NET (ml t-b-o-h net)


 
