Product: Packeteer PacketShaper Model: 9500/ISP Software: PacketWise 8.x (possibly others) =========== Background =========== Packeteer creates bandwidth management solutions such as the PacketShaper which "is the ultimate scalable platform for optimized WAN application performance?the only all-in-one solution for extending monitoring, shaping, acceleration and compression as well as centralized reporting and management across the distributed enterprise." =========== Description =========== The Packeteer PacketShaper appears to be vulnerable to a buffer overflow which can be triggered by a valid command followed by a long argument (around 1500 bytes). # class show /Inbound/AAAAA... There appear to be other places where such behavior can be seen, e.g. via the web interface: https://xx.xx.xx.xx/clastree.htm?POLICY=/Inbound/Filesharing/BitTorrent/ AAAAA... Both of these examples require either "look" or "touch" access to the device. =========== Impact =========== The watchdog timer will trigger a unit reset/reboot, which takes around 30 seconds. If there is no bypass mechanism in place (e.g. fiber bypass switch), service will be interrupted. Packeteer has not responded to the initial reports.