Palm Pilot HotSync Manager Long String DoS

1999-11-04T23:18:30
ID OSVDB:9835
Type osvdb
Reporter Aviram Jenik(aviram@securiteam.com)
Modified 1999-11-04T23:18:30

Description

Vulnerability Description

Palm Pilot HotSync Manager contains a flaw that may allow a remote denial of service. The issue is triggered when sending a long string to port 14238 followed by a newline while the manager is in network mode and will cause the application to crash, resulting in a loss of availability for the service.

Solution Description

Contact the vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Short Description

Palm Pilot HotSync Manager contains a flaw that may allow a remote denial of service. The issue is triggered when sending a long string to port 14238 followed by a newline while the manager is in network mode and will cause the application to crash, resulting in a loss of availability for the service.

References:

Vendor URL: http://www.palmone.com/us/ Other Advisory URL: http://www.securiteam.com/exploits/3L5QMPPPQG.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1496.html ISS X-Force ID: 7785 CVE-1999-1065