https://cxsecurity.com/issue/WLB-2007100108
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-197

西门子45系列手机存在漏洞。西门子45系列手机对短消息图象附件处理存在问题，远程程攻击者可以利用这个漏洞发送畸形短消息对目标用户手机进行拒绝服务攻击。由于对SMS消息中包含的超大图象名缺少正确的边界缓冲区检查，攻击者如果使用的图象名称为’%157字符’的短消息提交给目标用户，45系列西门子手机就会挂起。

======================================

---> Product: Siemens Mobile Phone

---> Version: All *45 series phones

---> OffSite: www.siemens-mobile.com

---> Problem: Buffer Overflow.

======================================

** General Description **

In phones Siemens of a series 45, I found one more vulnerability, and

this time she(it) in my opinion is more dangerous.

At reception given sms, the phone is instantly disconnected with any not

clear sound when you include the phone.

With a kind it(he) works normally, but now to go in Messages-> Inbox to

you it will be not possible. All this occurs from for overflow

The buffer in the phone.

As is known for an insert in the message of a graphic picture such design

is used: "%IMG_NAME", and so if instead of IMG_NAME to insert any 157

symbols at reception by the subscriber of such message, there will be

above described actions.

** Exploit **

" %..........

............

............

............

............

............

............

............

............

............

............

............

............

... "

or

" % [157 symbols of any dust "

** Note **

- > you can not send the given message from the phone siemens as soon as

will try to transfer the message the phone to be switched off.

- > Is the fastest, the given vulnerability works and on other phones

siemens to check up there was no opportunity, all was checked on phones

of 45 series.

** Solution **

The decision remains only one to wait while developers will issue the new

version of an insertion and then only to begin to rock her(it) in the

phone.

** Contacts **

r2subj3ct (at) dwclan (dot) org [email concealed]

subj (at) passwd (dot) cc [email concealed]

www,dwcgr0up.com | www.dwcgr0up.com/subj/

irc.irochka.net *dwc *phreack *global *dhg

** Greeting **

J0k3r, D4rkGr3y, DethSpirit, r4ShRaY, Kabuto, fnq, agenox, L0vCh1Y,

DiZHarM, cybeast, Foster, Moby, ORB, MORPFEY, drG4njubas

3APA3A, DHG, Gipshack, BlackTigerz, rsteam, p0is0n, Security.nno.ru

HNCrew. And all who i know...

来源:XF
名称:siemens-sms-image-bo(11950)
链接:http://xforce.iss.net/xforce/xfdb/11950
来源:BID
名称:7507
链接:http://www.securityfocus.com/bid/7507
来源:BUGTRAQ
名称:20030506SiemensMobilePhone-BufferOverflow
链接:http://www.securityfocus.com/archive/1/320555
来源:SREASON
名称:3287
链接:http://securityreason.com/securityalert/3287
来源：NSFOCUS
名称：4788
链接：http://www.nsfocus.net/vulndb/4788