Published: 2005-12-10 21:03:00
Last revised: 2011-03-07 21:27:46

[Original] Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492.

[CNNVD] Soti Pocket Controller-Professional Remote Command Execution Vulnerability (CNNVD-200512-187)

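        Soti Pocket Controller-Professional 5.0 has a remote command execution vulnerability. A remote attacker can turn off, reboot, or hard reset the PDA via a series of initialization, command, and reset packets sent to port 5492.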

- CVSS (base score)

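CVSS score: 7.8 [Severe (HIGH)]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]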

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  VUPEN  ADV-2005-2821
(UNKNOWN)  BID  15775
(VENDOR_ADVISORY)  BUGTRAQ  20051207 Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401)

- Vulnerability information

Soti Pocket Controller-Professional Remote Command Execution Vulnerability
High risk Access Validation Error
2005-12-10 00:00:00 2005-12-12 00:00:00
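        Soti Pocket Controller-Professional 5.0 has a remote command execution vulnerability. A remote attacker can turn off, reboot, or hard reset the PDA via a series of initialization, command, and reset packets sent to port 5492.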

- Advisories and patches


- Vulnerability information

Pocket Controller PDA Unauthenticated Crafted Command Remote DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-12-07 2005-08-04
Unknown Unknown

- Solution

Upgrade to version 5.05 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Soti Pocket Controller-Professional Remote Command Execution Vulnerability
Access Validation Error 15775
Yes No
2005-12-08 12:00:00 2006-02-07 08:55:00
Discovered by Jonathan Read and Seth Fogie.

- Affected program versions

Soti Pocket Controller-Professional 5.0
Soti Pocket Controller-Professional 5.05

- Unaffected program versions

Soti Pocket Controller-Professional 5.05

- Vulnerability discussion

Soti Pocket Controller-Professional is prone to a remote command-execution vulnerability. Successful exploitation could allow an attacker to cause a hard reset of the device, resulting in a loss of data and installed applications.

Pocket Controller-Professional v5 is vulnerable; other versions may also be affected.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- Solution

The vendor has released version 5.05 to address this issue. Contact the vendor for details on obtaining the appropriate update.

- Related references