| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Aug 2007 17:21:08 -0400 From: "Michael Bednar" <MBEDNAR@...z.pitt.edu> To: <bugtraq@...urityfocus.com> Subject: RE: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service When I tested this on my Treo over Verizon's network, only one packet with the prescribed parameters was needed to force a soft reset of my phone rather than the flood described in CVE-2003-0293. When I notified Verizon of this, they were completely unaware of this vulnerability -- well, at least their help desk people were. I'm hoping they'll take steps to filter this kind of traffic on their network. On a side note, when I was testing this vulnerability, I tried varying the size of the ICMP packet. Strangely enough, I got no response if the packet was of size 1469 bytes, or 1471 bytes. There must be something special about 1470 byte ICMP packets. Anyone have any ideas? Mike -- Michael C Bednar Katz IT Services 319 Mervis Hall University of Pittsburgh Pittsburgh, PA 15260 -----Original Message----- From: Stuart Moore [mailto:smoore.bugtraq@...urityglobal.net] Sent: Monday, August 20, 2007 16:13 To: research@...antec.com; bugtraq@...urityfocus.com Subject: Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service Hi. Is this fundamentally different than the previously reported PalmOS ICMP denial of service bug (CVE-2003-0293)? Thanks, Stuart
Powered by blists - more mailing lists