RE: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service
From: "Michael Bednar" <MBEDNAR@xxxxxxxxxxxxx>
Date: Mon, 20 Aug 2007 17:21:08 -0400
In-reply-to: <46C9F5C5.801@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <46C9F5C5.801@xxxxxxxxxxxxxxxxxx>
Thread-index: AcfjbT002gdoCJ/fRWygVMCwgz6FTQAAKOMA
Thread-topic: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

 
        When I tested this on my Treo over Verizon's network, only one
packet with the prescribed parameters was needed to force a soft reset
of my phone rather than the flood described in CVE-2003-0293. When I
notified Verizon of this, they were completely unaware of this
vulnerability -- well, at least their help desk people were. I'm hoping
they'll take steps to filter this kind of traffic on their network.
        On a side note, when I was testing this vulnerability, I tried
varying the size of the ICMP packet. Strangely enough, I got no response
if the packet was of size 1469 bytes, or 1471 bytes. There must be
something special about 1470 byte ICMP packets. Anyone have any ideas?

Mike

--

Michael C Bednar
Katz IT Services
319 Mervis Hall
University of Pittsburgh
Pittsburgh, PA  15260


-----Original Message-----
From: Stuart Moore [mailto:smoore.bugtraq@xxxxxxxxxxxxxxxxxx] 
Sent: Monday, August 20, 2007 16:13
To: research@xxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service

Hi.  Is this fundamentally different than the previously reported PalmOS

ICMP denial of service bug (CVE-2003-0293)?

Thanks,

Stuart

Follow-Ups:
- Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service
  - From: Tuc at T-B-O-H.NET

References:
- Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service
  - From: Stuart Moore

Prev by Date: Joomla Component SimpleFAQ V2.11 - Remote SQL Injection
Next by Date: Dalai Forum Remote File Inclusion Exploit
Previous by thread: Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service
Next by thread: Re: SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service
Index(es):
- Date
- Thread