Re: Siemens *35 and 45 series phones SMS Danial of Service

From: Andreas Hofmeister (andi@solutions.pyramid.de)
Date: 03/04/03

  • Next message: security@caldera.com: "Security Update: [CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames"
    Date: Tue, 04 Mar 2003 01:33:10 +0100
    From: Andreas Hofmeister <andi@solutions.pyramid.de>
    To: Jan Niehusmann <jan@gondor.com>
    
    

    Jan Niehusmann wrote:

    >On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
    >
    >
    >> To vulnerability are subject: All versions siemens *35 and *45.
    >>
    <snip>

    > the message can be read by using
    >'edit message' instead of 'read message', and it can be deleted without
    >problems.
    >
    >So while this obviously is a bug, it can hardly be called a DoS.
    >

    An S35 locks up *completly* when one attemps to read the message -
    worse: you had to read the message (wich is not possible) before you
    could delete it, there is no edit option in the message list. Regarding
    the S35 it really is a DoS.

    Ciao
      Andreas


  • Next message: security@caldera.com: "Security Update: [CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames"