Credit:
The information has been provided by Symantec Vulnerability Research.
The original article can be found at:
http://www.securityfocus.com/bid/22468
Vulnerable Systems:
* Palm OS Treo smart phones - Tested on Verizon, Sprint, & Cingular Treo 650 (Treo650-1.03a-VZW & Treo650-1.12-SPCS), Cingular Treo 680, and Sprint/Verizon Treo 700p phones
The Find feature can be accessed while the handheld is locked by pressing the Find keyboard shortcut on the Emergency Call screen or on the Call In Progress screen that is displayed when an incoming call is accepted. Details for each of these methods are listed below.
Emergency Call Screen:
From the System Lockout screen, select 'Make Emergency Call'. Press the keyboard shortcut keys for Find (Option Key + Find Key). This will open the Find window on the bottom half of the screen. Enter the desired text to search and click on 'OK'. (Searching on a single space usually returns data.)
To access the Edit window, press the Menu key while the Find window is open. Select Paste from the Edit window to paste previously cut or copied data in the Find window.
Call In Progress screen:
Accept an incoming call. Press the keyboard shortcut keys for Find (Option Key + Find Key) during the call. This will open the Find window on the bottom half of the screen. Enter the desired text to search and click on 'OK'. (Searching on a single space usually returns data.)
To access the Edit window, press the Menu key while the Find window is open. Select Paste from the Edit window to paste previously cut or copied data in the Find window.
Note: The Find window will stay open after a call has been disconnected. However, users will be returned to the Lockout screen when the find results are closed.
Disclosure Timeline:
* 14-08-2006: Initial Vendor Notification.
* 06-09-2006: Vendor acknowledges receipt of vulnerability description.
* 06-09-2006: Vendor confirms vulnerability.
* 19-01-2007: Vendor decides not to fix vulnerability.
* 14-02-2007: Advisory released.
Fix:
Until a patch is released to address this vulnerability, users should be notified of this condition so that they can take appropriate action, including encrypting sensitive handheld databases.
CVE Information:
CVE-2007-0859