lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <79163095.20030307125306@haack-it.de>
Date: Fri, 7 Mar 2003 12:53:06 +0100
From: Matti Haack <m.haack@...ck-it.de>
To: bugtraq@...urityfocus.com
Subject: Re[2]: Siemens *35 and 45 series phones SMS Danial of Service


Not all SL42 (wich should be identical with SL45) are influenced by
the bug. My SL42i shows luckily the DNS "%Deutsch" string without
error.

> No, it won't. You actually have to open the message first, remember? The
> phone will just receive the messages, waiting for them to be read.
But if you open it, you are cought... And how to determine if it is a
good or bad SMS?

Matti Haack

> Oh, by the way: 'Hang up' doesn't work on SL-42 either. It also disables the
> phone completely.

> --
> Michael Landsmann.

> ----- Original Message -----
> From: "Willis Johnson" <willisj@...rosoft.com>
> To: <bugtraq@...urityfocus.com>
> Sent: Tuesday, March 04, 2003 12:28 AM
> Subject: RE: Siemens *35 and 45 series phones SMS Danial of Service


> What happens if the string is sent repeatedly while the phone is turned
> on but is unattended or receives text messages silently? Is the battery
> drained as predicted?

> Willis

> -----Original Message-----
> From: Jan Niehusmann [mailto:jan@...dor.com]
> Sent: Monday, March 03, 2003 2:46 PM
> To: subj subj
> Subject: Re: Siemens *35 and 45 series phones SMS Danial of Service


> On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
>>  To vulnerability are subject: All versions siemens *35 and *45.
> [...]
>>  languages from the phone language selection menu, will  completely
>> disable *35 series phones and result  in a 2 minute read delay on *45
>> series phones. Note that

> Please note that this vulnerability isn't as serious as you describe it.
> At least on my S45, I am able to interrupt this 2 minute delay at any
> time by pressing the 'hang up' key (but I have to press it for about
> half a second instead of just hitting it), the message can be read by
> using 'edit message' instead of 'read message', and it can be deleted
> without problems.

> So while this obviously is a bug, it can hardly be called a DoS.

> Jan



- 
Matti Haack - Hit Haack IT Service Gmbh
Neuburger Strasse 35, D-94032 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ