[NEWS] Siemens Mobile SMS Exceptional Character Vulnerability

From: support@securiteam.com
Date: 01/15/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 15 Jan 2002 22:52:50 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Siemens Mobile SMS Exceptional Character Vulnerability
------------------------------------------------------------------------

SUMMARY

Siemens' Mobile phone supports SMS utilizing the
<http://smslink.sourceforge.net/pdu.html> PDU standard. There is a bug in
the mobile phone's display subroutine; whenever it tries to display
special characters the mobile will shut down. In addition, since the SMS
cannot be deleted without viewing it, thus it will remain on the phone
without possibility of deleting it.

DETAILS

Vulnerable systems:
Siemens 3568i (Or below)

Exploit:
 <http://www.benjurry.org/en/program/smsdos.zip>
http://www.benjurry.org/en/program/smsdos.zip
Or,
 <http://www.xfocus.org/download.php?id=10>
http://www.xfocus.org/download.php?id=10

Solution:
Don't display SMS's you receive from strangers. If you receive such an
SMS, you can delete it using the following computer program:
 <http://www.benjurry.org/en/program/sms.zip>
http://www.benjurry.org/en/program/sms.zip
Or,
 <http://www.xfocus.org/download.php?id=11>
http://www.xfocus.org/download.php?id=11

ADDITIONAL INFORMATION

The information has been provided by <mailto:benjurry@xfocus.org>
benjurry.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • Re: Explanation of my annoying bullish behaviour -
    ... freedoms, hundreds, and remedys are all bottom and mobile. ... We display them, then we as deal Tariq and Catherine's communist ...
    (sci.crypt)
  • Re: LG KP220 Price and Features
    ... display and a metallic keypad. ... CandyBar mobile comes with a great list of features. ... Memory: 60 MB inbuilt memory ...
    (sci.electronics.repair)
  • Re: Newbie question...
    ... its exactly like SMS text message that we do with our mobile ... phones. ... Look for SmsOpen/SmsClose function is Windows Mobile ... Write server side scripts (ASP, ...
    (microsoft.public.pocketpc.developer)
  • Re: Letters with **three** cases?
    ... > the mobile phone providers in their phamplets, service contracts, etc. ... verb then it probably refers to SMS. ... > Seán> popular in the USA. ... Since voice calls in Hong Kong are so cheap, ...
    (sci.lang)
  • Re: DMFP - "content download failed" error on Pocket PCs
    ... I don't have a SMS 2003 site I ... That way the device couldn't lookup up the DP site server name. ... >>> But we have a special mobile solution, ...
    (microsoft.public.sms.admin)