Palm OS Treo Smartphone Remote Denial of Service Vulnerability
BID:25074
Info
Palm OS Treo Smartphone Remote Denial of Service Vulnerability
| Bugtraq ID: | 25074 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-4213 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 20 2007 12:00AM |
| Updated: | Aug 29 2007 11:42PM |
| Credit: | J.R. Wikes of Symantec Vulnerability Research is credited with the discovery of this issue. |
| Vulnerable: |
Palm Treo 700p 0 Palm Treo 650 |
| Not Vulnerable: | |
Discussion
Palm OS Treo Smartphone Remote Denial of Service Vulnerability
Treo Smartphones running the Palm OS are prone to a denial-of-service vulnerability because they fail to handle excessive amounts of specially crafted ICMP requests.
Attackers can exploit this issue to cause denial-of-service conditions on affected devices.
NOTE: This issue can be exploited only on Smartphones connected to data networks that allow inbound ICMP traffic.
Palm Treo 650 and 700p Smartphones are vulnerable. Treo 680 Smartphones may also be affected, but this has not been confirmed.
Treo Smartphones running the Palm OS are prone to a denial-of-service vulnerability because they fail to handle excessive amounts of specially crafted ICMP requests.
Attackers can exploit this issue to cause denial-of-service conditions on affected devices.
NOTE: This issue can be exploited only on Smartphones connected to data networks that allow inbound ICMP traffic.
Palm Treo 650 and 700p Smartphones are vulnerable. Treo 680 Smartphones may also be affected, but this has not been confirmed.
Exploit / POC
Palm OS Treo Smartphone Remote Denial of Service Vulnerability
To exploit this issue an attacker must craft and distribute malformed ICMP echo requests.
To exploit this issue an attacker must craft and distribute malformed ICMP echo requests.
Solution / Fix
Palm OS Treo Smartphone Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Palm OS Treo Smartphone Remote Denial of Service Vulnerability
References:
References:
- Palm Treo Smartphone Product Page (Palm)
- SYMSA-2007-007: Palm OS Treo Smartphone Denial of Service (Symantec Vulnerability Research)
- SYMSA-2007-007 Palm OS Treo Smartphone Denial of Servic (Symantec Vulnerability Research)