Vulnerabilities > CVE-2007-4213 - Remote Denial of Service vulnerability in Palm OS Treo Smartphone
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 4 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 25074 CVE(CAN) ID: CVE-2007-4213 Treo系列是运行Palm操作系统的智能手机。 Treo手机在处理ICMP请求时存在漏洞,远程攻击者可能利用此漏洞导致设备不可用。 如果运行Palm操作系统的Treo手机连接到了数据网络并允许入站ICMP通讯的话,攻击者就可以通过向为手机所分配的IP地址连续发送大小为1470字节的ICMP回显请求导致设备待机、软重启或断开连接。降低报文大小但增加发送间隔时间也可以实现同样的效果。 Palm Treo Smartphone 755p Palm Treo Smartphone 700p Palm Treo Smartphone 680 Palm Treo Smartphone 650 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href="http://www.palmos.com/" target="_blank">http://www.palmos.com/</a> |
| id | SSV:2150 |
| last seen | 2017-11-19 |
| modified | 2007-08-21 |
| published | 2007-08-21 |
| reporter | Root |
| title | Palm Treo智能手机远程拒绝服务漏洞 |
References
- http://securityreason.com/securityalert/3034
- http://www.securityfocus.com/archive/1/477128/100/0/threaded
- http://www.securityfocus.com/archive/1/477169/100/0/threaded
- http://www.securityfocus.com/archive/1/477231/100/0/threaded
- http://www.securityfocus.com/archive/1/477235/100/0/threaded
- http://www.securityfocus.com/archive/1/477346/100/0/threaded
- http://www.securityfocus.com/archive/1/477350/100/0/threaded
- http://www.securityfocus.com/bid/25074
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-007.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36124