Siemens Mobile Phones %IMG_NAME远程拒绝服务攻击漏洞

Siemens Mobile Phones %IMG_NAME远程拒绝服务攻击漏洞

漏洞ID 1202866 漏洞类型 缓冲区溢出
发布时间 2003-05-06 更新时间 2003-12-31
图片[1]-Siemens Mobile Phones %IMG_NAME远程拒绝服务攻击漏洞-安全小百科CVE编号 CVE-2003-1464
图片[2]-Siemens Mobile Phones %IMG_NAME远程拒绝服务攻击漏洞-安全小百科CNNVD-ID CNNVD-200312-197
漏洞平台 N/A CVSS评分 7.8
|漏洞来源
https://cxsecurity.com/issue/WLB-2007100108
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-197
|漏洞详情
西门子45系列手机存在漏洞。西门子45系列手机对短消息图象附件处理存在问题,远程程攻击者可以利用这个漏洞发送畸形短消息对目标用户手机进行拒绝服务攻击。由于对SMS消息中包含的超大图象名缺少正确的边界缓冲区检查,攻击者如果使用的图象名称为’%157字符’的短消息提交给目标用户,45系列西门子手机就会挂起。
|漏洞EXP


======================================

---> Product: Siemens Mobile Phone

---> Version: All *45 series phones

---> OffSite: www.siemens-mobile.com

---> Problem: Buffer Overflow.

======================================

** General Description **

In phones Siemens of a series 45, I found one more vulnerability, and

this time she(it) in my opinion is more dangerous.

At reception given sms, the phone is instantly disconnected with any not

clear sound when you include the phone.

With a kind it(he) works normally, but now to go in Messages-> Inbox to

you it will be not possible. All this occurs from for overflow

The buffer in the phone.

As is known for an insert in the message of a graphic picture such design

is used: "%IMG_NAME", and so if instead of IMG_NAME to insert any 157

symbols at reception by the subscriber of such message, there will be

above described actions.

** Exploit **

" %..........

............

............

............

............

............

............

............

............

............

............

............

............

... "

or

" % [157 symbols of any dust "

** Note **

- > you can not send the given message from the phone siemens as soon as

will try to transfer the message the phone to be switched off.

- > Is the fastest, the given vulnerability works and on other phones

siemens to check up there was no opportunity, all was checked on phones

of 45 series.

** Solution **

The decision remains only one to wait while developers will issue the new

version of an insertion and then only to begin to rock her(it) in the

phone.

** Contacts **

r2subj3ct (at) dwclan (dot) org [email concealed]

subj (at) passwd (dot) cc [email concealed]

www,dwcgr0up.com | www.dwcgr0up.com/subj/

irc.irochka.net *dwc *phreack *global *dhg

** Greeting **

J0k3r, D4rkGr3y, DethSpirit, r4ShRaY, Kabuto, fnq, agenox, L0vCh1Y,

DiZHarM, cybeast, Foster, Moby, ORB, MORPFEY, drG4njubas

3APA3A, DHG, Gipshack, BlackTigerz, rsteam, p0is0n, Security.nno.ru

HNCrew. And all who i know...
|参考资料

来源:XF
名称:siemens-sms-image-bo(11950)
链接:http://xforce.iss.net/xforce/xfdb/11950
来源:BID
名称:7507
链接:http://www.securityfocus.com/bid/7507
来源:BUGTRAQ
名称:20030506SiemensMobilePhone-BufferOverflow
链接:http://www.securityfocus.com/archive/1/320555
来源:SREASON
名称:3287
链接:http://securityreason.com/securityalert/3287
来源:NSFOCUS
名称:4788
链接:http://www.nsfocus.net/vulndb/4788

相关推荐: Newsscript Administrative Privilege Elevation Vulnerability

Newsscript Administrative Privilege Elevation Vulnerability 漏洞ID 1100203 漏洞类型 Input Validation Error 发布时间 2003-05-27 更新时间 2003-05-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享