Packeteer PacketWise CLI overflow DoS
Product: Packeteer PacketShaper
Model: 9500/ISP
Software: PacketWise 8.x (possibly others)
===========
Background
===========
Packeteer creates bandwidth management solutions such as the PacketShaper which
"is the ultimate scalable platform for optimized WAN application
performance - the only all-in-one solution for extending monitoring, shaping,
acceleration and compression as well as centralized reporting and management
across the distributed enterprise."
===========
Description
===========
The Packeteer PacketShaper appears to be vulnerable to a buffer overflow which
can be triggered by a valid command followed by a long argument (around 1500
bytes).
# class show /Inbound/AAAAA...
There appear to be other places where such behavior can be seen, e.g. via the
web interface:
https://xx.xx.xx.xx/clastree.htm?POLICY=/Inbound/Filesharing/BitTorrent/AAAAA...
Both of these examples require either "look" or "touch" access to the device.
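Since both triggers are an otherwise valid request carrying an abnormally long argument, the practical detection is a length check on the argument rather than on the command itself. The following Python helper is an added example written for this advisory, not code from the advisory or from Packeteer: it scans a mix of CLI-style command lines and HTTP request lines, flags a `class` command whose argument, or a `POLICY` query parameter, exceeds a threshold, and reports the offending line and length. The 1024-byte threshold (chosen below the roughly 1500 bytes the advisory mentions), the function names and the sample log lines are all assumptions constructed for the example.

```python
"""Flag oversized PacketShaper CLI / web-UI arguments in collected log lines.

Added example for the advisory above; the threshold, function names and the
sample lines are constructed assumptions, not values from the vendor.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Alert threshold (assumption): well below the ~1500-byte argument that the
# advisory reports as sufficient to trigger a watchdog reboot.
MAX_ARG_LEN = 1024

# Query parameter named in the advisory's web-interface example.
WATCHED_PARAMS = {"POLICY"}

# CLI lines of the form "class show /Inbound/..." : command word(s) then one argument.
CLI_COMMAND_RE = re.compile(r"^(?P<cmd>class\s+\S+)\s+(?P<arg>\S+)")


def oversized_web_args(request_line, limit=MAX_ARG_LEN):
    """Return [(param_name, length)] for watched query params longer than limit.

    request_line is an HTTP request line such as
    'GET /clastree.htm?POLICY=/Inbound/Filesharing HTTP/1.1'.
    """
    parts = request_line.split()
    if len(parts) < 2:
        return []
    query = urlsplit(parts[1]).query
    hits = []
    # parse_qs percent-decodes values, so the length measured is the decoded size.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            if len(value) > limit:
                hits.append((name, len(value)))
    return hits


def scan(lines, limit=MAX_ARG_LEN):
    """Scan log lines; return [(line_no, kind, cmd_or_param, length)] for oversized args."""
    findings = []
    for line_no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        match = CLI_COMMAND_RE.match(line)
        if match:
            arg = match.group("arg")
            if len(arg) > limit:
                findings.append((line_no, "cli", match.group("cmd"), len(arg)))
            continue
        for name, length in oversized_web_args(line, limit):
            findings.append((line_no, "web", name, length))
    return findings


# Constructed sample lines: two benign entries and two oversized ones.
SAMPLE_LINES = [
    "class show /Inbound/Filesharing",
    "class show /Inbound/" + "A" * 1500,
    "GET /clastree.htm?POLICY=/Inbound/Filesharing/BitTorrent HTTP/1.1",
    "GET /clastree.htm?POLICY=/Inbound/Filesharing/BitTorrent/" + "A" * 1500 + " HTTP/1.1",
]

if __name__ == "__main__":
    for line_no, kind, name, length in scan(SAMPLE_LINES):
        print(f"line {line_no}: {kind} argument for {name!r} is {length} bytes (> {MAX_ARG_LEN})")
```

Run over exported CLI session logs or the web proxy's access log in front of the management interface; because the advisory notes that both paths require "look" or "touch" access, any hit is worth correlating with the authenticated session that issued it, and with a watchdog-reboot entry in the device's own log around the same time.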
===========
Impact
===========
The watchdog timer will trigger a unit reset/reboot, which takes around 30
seconds. If there is no bypass mechanism in place (e.g. fiber bypass switch),
service will be interrupted.
Packeteer has not responded to the initial reports.