securityvulns: SECURITYVULNS:DOC:21748
Apr 28, 2009 - 12:00 a.m.

DDIVRT-2009-24 Precidia Ether232 Memory Corruption

Title

DDIVRT-2009-24 Precidia Ether232 Memory Corruption

Severity

Medium

Date Discovered

March 10th, 2009

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and princeofnigeria and r@b13$

Vulnerability Description

Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.

By sending malformed GET requests to the built-in web server on certain Precidia Ether232
devices, it is possible to arbitrarily overwrite memory on the device, with unknown impact.

Solution Description

At this time, Precidia Technologies has not provided a firmware upgrade addressing the
memory corruption flaw. As a workaround, Precidia Technologies suggests that users disable the
web server on the device through the serial or telnet configuration interface.

Tested Systems / Software (with versions)

Precidia Ether3201-232 w/ firmware 3.00.250
Precidia Ether232 Duo w/ firmware 5.00.02
Other versions are believed to be vulnerable.

Vendor Contact

Vendor Name: Precidia Technologies
Vendor Website: http://www.precidia.com
Contact Information: [email protected], [email protected]