SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Embedded Server/Appliance)  >  Wyse Winterm Vendors:  Wyse
Wyse Winterm 1125SE Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1014659
SecurityTracker URL:  http://securitytracker.com/id?1014659
CVE Reference:  CVE-2005-2577   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 11 2005
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): Model 1125SE; firmware 4.2.09f, 4.4.061f
Description:  A vulnerability was reported in Wyse Winterm 1125SE. A remote user can cause denial of service conditions.

A remote user can send a specially crafted packet with the IP option length field set to zero to cause the system to crash.

Josh Zlatin-Amishav reported this vulnerability.
Impact:  A remote user can cause the target terminal to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.wyse.com/products/winterm/1125se/index.htm (Links to External Site)
Cause:  Exception handling error
Reported By:  Josh Zlatin-Amishav <josh@ramat.cc>
Message History:   None.

 Source Message Contents
Date:  Wed, 10 Aug 2005 17:12:45 +0300
From:  Josh Zlatin-Amishav <josh@ramat.cc>
Subject:  remote DOS on Wyse thin client 1125SE

 
Synopsis: Wyse Winterm 1125SE Remote DOS.

Product: Wyse Winterm 1125SE
          http://www.wyse.com/products/winterm/1125se/index.htm)

Version: Confirmed on Firmware 4.2.09f, 4.4.061f (latest)

Author: Josh Zlatin-Amishav

Date: August 10, 2005

Background:
The Winterm 1125SE is a thin client which runs the Wyse Blazer operating 
system. More information about the Wyse Blazer OS can be found here:
http://support1.wyse.com/1000Series/1Series_Security.htm)

a quote from the above URL:

The Wyse Blazer OS has a closed source and limited distribution (of the 
source code). Attempts to expose vulnerabilities have been non-existent. 
In addition, the products image design and stateless nature make this 
product the most secure Winterm product available.

...

Proprietary OS  The Wyse Blazer product operates on a non-published, 
proprietary OS. This closed architecture makes the product far more 
secure than open source devices.

Issue:
It is possible to remotely crash the Winterm 1125SE terminal by sending 
a malformed packet with ip option len field set to zero.

PoC:
The exploit is identical to BID 7175. See the following URL for exploit
code:
http://www.securityfocus.com/archive/1/316043

--
  - Josh


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC