The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Palm OS

vulnerability announce CVE-2007-4213

Palm OS Treo: denial of service via ICMP

Synthesis of the vulnerability

An attacker can send continuous ICMP Echo Request packets in order to create a denial of service on Palm OS Treo Smartphone.
Impacted products: Palm OS.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: intranet client.
Creation date: 21/08/2007.
Revision date: 22/08/2007.
Identifiers: BID-25074, CVE-2007-4213, SYMSA-2007-007, VIGILANCE-VUL-7112.

Description of the vulnerability

ICMP Echo Request queries are used by the ping utility in order to check if a system can be reached.

The Palm OS Treo Smartphone product does not correctly handle ICMP Echo Request queries with a packet size of 1470 bytes. The consequence varies from a simple latency to a forced reboot.

An attacker can therefore send ping queries in order to generate a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.