lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2007 17:21:08 -0400
From: "Michael Bednar" <MBEDNAR@...z.pitt.edu>
To: <bugtraq@...urityfocus.com>
Subject: RE: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

 
	When I tested this on my Treo over Verizon's network, only one
packet with the prescribed parameters was needed to force a soft reset
of my phone rather than the flood described in CVE-2003-0293. When I
notified Verizon of this, they were completely unaware of this
vulnerability -- well, at least their help desk people were. I'm hoping
they'll take steps to filter this kind of traffic on their network.
	On a side note, when I was testing this vulnerability, I tried
varying the size of the ICMP packet. Strangely enough, I got no response
if the packet was of size 1469 bytes, or 1471 bytes. There must be
something special about 1470 byte ICMP packets. Anyone have any ideas?

Mike

--

Michael C Bednar
Katz IT Services
319 Mervis Hall
University of Pittsburgh
Pittsburgh, PA  15260


-----Original Message-----
From: Stuart Moore [mailto:smoore.bugtraq@...urityglobal.net] 
Sent: Monday, August 20, 2007 16:13
To: research@...antec.com; bugtraq@...urityfocus.com
Subject: Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

Hi.  Is this fundamentally different than the previously reported PalmOS

ICMP denial of service bug (CVE-2003-0293)?

Thanks,

Stuart

Powered by blists - more mailing lists