lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 04 Mar 2003 09:53:33 +0100
From: Robert Waldner <rw@...etec.at>
To: bugtraq@...urityfocus.com
Subject: Re: Siemens *35 and 45 series phones SMS Danial of Service


On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
>On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
>>  To vulnerability are subject: All versions siemens *35 and *45.
>[...]
>>  languages from the phone language selection menu, will
>>  completely disable *35 series phones and result
>>  in a 2 minute read delay on *45 series phones. Note that

>Please note that this vulnerability isn't as serious as you describe it.
>At least on my S45, I am able to interrupt this 2 minute delay at any
>time by pressing the 'hang up' key (but I have to press it for about half a
>second instead of just hitting it), the message can be read by using
>'edit message' instead of 'read message', and it can be deleted without
>problems.
>
>So while this obviously is a bug, it can hardly be called a DoS.

However, my S35i is _completely_ disabled, just as the original poster 
 described, no luck with just pressing the "hang up"-key, one has to 
 yank the battery out. Also, there is no "Edit Message" available until
 after one reads a message, and thus disables the phone.

Please also note that if you append something to the "%String", the bug 
 no longer hits (for my S35i, that is). Most web->sms - gateways append
 some signature to SMSs, and thus, by sheer luck, can't be used to exploit
 this.

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@...etec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /



Download attachment "signature.ng" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ