Bugtraq mailing list archives
remote DOS on Wyse thin client 1125SE
From: Josh Zlatin-Amishav <josh () ramat cc>
Date: Wed, 10 Aug 2005 17:12:45 +0300
Synopsis: Wyse Winterm 1125SE Remote DOS. Product: Wyse Winterm 1125SE http://www.wyse.com/products/winterm/1125se/index.htm) Version: Confirmed on Firmware 4.2.09f, 4.4.061f (latest) Author: Josh Zlatin-Amishav Date: August 10, 2005 Background:The Winterm 1125SE is a thin client which runs the Wyse Blazer operating system. More information about the Wyse Blazer OS can be found here:
http://support1.wyse.com/1000Series/1Series_Security.htm) a quote from the above URL:The Wyse Blazer OS has a closed source and limited distribution (of the source code). Attempts to expose vulnerabilities have been non-existent. In addition, the products image design and stateless nature make this product the most secure Winterm product available.
...Proprietary OS The Wyse Blazer product operates on a non-published, proprietary OS. This closed architecture makes the product far more secure than open source devices.
Issue:It is possible to remotely crash the Winterm 1125SE terminal by sending a malformed packet with ip option len field set to zero.
PoC: The exploit is identical to BID 7175. See the following URL for exploit code: http://www.securityfocus.com/archive/1/316043 -- - Josh
Current thread:
- remote DOS on Wyse thin client 1125SE Josh Zlatin-Amishav (Aug 11)