lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001c01c2e3f9$a4b5b990$0400a8c0@cryptkeeper>
Date: Thu, 6 Mar 2003 17:01:14 +0100
From: "Michael Landsmann" <michael@...ticdale.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: Siemens *35 and 45 series phones SMS Danial of Service


No, it won't. You actually have to open the message first, remember? The
phone will just receive the messages, waiting for them to be read.

Oh, by the way: 'Hang up' doesn't work on SL-42 either. It also disables the
phone completely.

--
Michael Landsmann.

----- Original Message -----
From: "Willis Johnson" <willisj@...rosoft.com>
To: <bugtraq@...urityfocus.com>
Sent: Tuesday, March 04, 2003 12:28 AM
Subject: RE: Siemens *35 and 45 series phones SMS Danial of Service


What happens if the string is sent repeatedly while the phone is turned
on but is unattended or receives text messages silently? Is the battery
drained as predicted?

Willis

-----Original Message-----
From: Jan Niehusmann [mailto:jan@...dor.com]
Sent: Monday, March 03, 2003 2:46 PM
To: subj subj
Subject: Re: Siemens *35 and 45 series phones SMS Danial of Service


On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
>  To vulnerability are subject: All versions siemens *35 and *45.
[...]
>  languages from the phone language selection menu, will  completely
> disable *35 series phones and result  in a 2 minute read delay on *45
> series phones. Note that

Please note that this vulnerability isn't as serious as you describe it.
At least on my S45, I am able to interrupt this 2 minute delay at any
time by pressing the 'hang up' key (but I have to press it for about
half a second instead of just hitting it), the message can be read by
using 'edit message' instead of 'read message', and it can be deleted
without problems.

So while this obviously is a bug, it can hardly be called a DoS.

Jan



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ