AnywhereUSB/5 Driver String Descriptor Parsing DoS

2006-09-04T11:49:14
ID OSVDB:28429
Type osvdb
Reporter Itzik Kotler()
Modified 2006-09-04T11:49:14

Description

Vulnerability Description

AnywhereUSB/5 contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in the processing of malformed string descriptor that in its header specifies a size of 1 byte, and will result in loss of availability for the platform.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

AnywhereUSB/5 contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in the processing of malformed string descriptor that in its header specifies a size of 1 byte, and will result in loss of availability for the platform.

References:

Vendor URL: http://www.digi.com/products/usb/anywhereusb.jsp Secunia Advisory ID:21739 Other Advisory URL: http://www.safend.com/424-en/Safend.aspx Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0034.html CVE-2006-4459