Siemens Mobile Phone - Buffer Overflow

2007.10.25
Credit: subj
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

====================================== ---> Product: Siemens Mobile Phone ---> Version: All *45 series phones ---> OffSite: www.siemens-mobile.com ---> Problem: Buffer Overflow. ====================================== ** General Description ** In phones Siemens of a series 45, I found one more vulnerability, and this time she(it) in my opinion is more dangerous. At reception given sms, the phone is instantly disconnected with any not clear sound when you include the phone. With a kind it(he) works normally, but now to go in Messages-> Inbox to you it will be not possible. All this occurs from for overflow The buffer in the phone. As is known for an insert in the message of a graphic picture such design is used: "%IMG_NAME", and so if instead of IMG_NAME to insert any 157 symbols at reception by the subscriber of such message, there will be above described actions. ** Exploit ** " %.......... ............ ............ ............ ............ ............ ............ ............ ............ ............ ............ ............ ............ ... " or " % [157 symbols of any dust " ** Note ** - > you can not send the given message from the phone siemens as soon as will try to transfer the message the phone to be switched off. - > Is the fastest, the given vulnerability works and on other phones siemens to check up there was no opportunity, all was checked on phones of 45 series. ** Solution ** The decision remains only one to wait while developers will issue the new version of an insertion and then only to begin to rock her(it) in the phone. ** Contacts ** r2subj3ct (at) dwclan (dot) org [email concealed] subj (at) passwd (dot) cc [email concealed] www,dwcgr0up.com | www.dwcgr0up.com/subj/ irc.irochka.net *dwc *phreack *global *dhg ** Greeting ** J0k3r, D4rkGr3y, DethSpirit, r4ShRaY, Kabuto, fnq, agenox, L0vCh1Y, DiZHarM, cybeast, Foster, Moby, ORB, MORPFEY, drG4njubas 3APA3A, DHG, Gipshack, BlackTigerz, rsteam, p0is0n, Security.nno.ru HNCrew. And all who i know...


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top