lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <42FA0B5D.6050001@ramat.cc>
Date: Wed, 10 Aug 2005 17:12:45 +0300
From: Josh Zlatin-Amishav <josh@...at.cc>
To: bugtraq@...urityfocus.com
Subject: remote DOS on Wyse thin client 1125SE


Synopsis: Wyse Winterm 1125SE Remote DOS.

Product: Wyse Winterm 1125SE
          http://www.wyse.com/products/winterm/1125se/index.htm)

Version: Confirmed on Firmware 4.2.09f, 4.4.061f (latest)

Author: Josh Zlatin-Amishav

Date: August 10, 2005

Background:
The Winterm 1125SE is a thin client which runs the Wyse Blazer operating 
system. More information about the Wyse Blazer OS can be found here:
http://support1.wyse.com/1000Series/1Series_Security.htm)

a quote from the above URL:

The Wyse Blazer OS has a closed source and limited distribution (of the 
source code). Attempts to expose vulnerabilities have been non-existent. 
In addition, the products image design and stateless nature make this 
product the most secure Winterm product available.

...

Proprietary OS  The Wyse Blazer product operates on a non-published, 
proprietary OS. This closed architecture makes the product far more 
secure than open source devices.

Issue:
It is possible to remotely crash the Winterm 1125SE terminal by sending 
a malformed packet with ip option len field set to zero.

PoC:
The exploit is identical to BID 7175. See the following URL for exploit
code:
http://www.securityfocus.com/archive/1/316043

--
  - Josh


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ