Re: Siemens *35 and 45 series phones SMS Danial of Service

From: Robert Waldner (rw@coretec.at)
Date: 03/04/03

Next message: OpenPKG: "[OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)"

Previous message: Willis Johnson: "RE: Siemens *35 and 45 series phones SMS Danial of Service"
In reply to: Jan Niehusmann: "Re: Siemens *35 and 45 series phones SMS Danial of Service"
Next in thread: Dawid Szymañski: "RE: Siemens *35 and 45 series phones SMS Danial of Service"
Reply: Dawid Szymañski: "RE: Siemens *35 and 45 series phones SMS Danial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: bugtraq@securityfocus.com
From: Robert Waldner <rw@coretec.at>
Date: Tue, 04 Mar 2003 09:53:33 +0100

On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
>On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
>> To vulnerability are subject: All versions siemens *35 and *45.
>[...]
>> languages from the phone language selection menu, will
>> completely disable *35 series phones and result
>> in a 2 minute read delay on *45 series phones. Note that

>Please note that this vulnerability isn't as serious as you describe it.
>At least on my S45, I am able to interrupt this 2 minute delay at any
>time by pressing the 'hang up' key (but I have to press it for about half a
>second instead of just hitting it), the message can be read by using
>'edit message' instead of 'read message', and it can be deleted without
>problems.
>
>So while this obviously is a bug, it can hardly be called a DoS.

However, my S35i is _completely_ disabled, just as the original poster
described, no luck with just pressing the "hang up"-key, one has to
yank the battery out. Also, there is no "Edit Message" available until
after one reads a message, and thus disables the phone.

Please also note that if you append something to the "%String", the bug
no longer hits (for my S35i, that is). Most web->sms - gateways append
some signature to SMSs, and thus, by sheer luck, can't be used to exploit
this.

cheers,
&rw

-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /

application/pgp-signature attachment: signature.ng

Next message: OpenPKG: "[OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)"

Previous message: Willis Johnson: "RE: Siemens *35 and 45 series phones SMS Danial of Service"
In reply to: Jan Niehusmann: "Re: Siemens *35 and 45 series phones SMS Danial of Service"
Next in thread: Dawid Szymañski: "RE: Siemens *35 and 45 series phones SMS Danial of Service"
Reply: Dawid Szymañski: "RE: Siemens *35 and 45 series phones SMS Danial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Disable "edit message" in outlook 2003
... you can use the OUTLK11.ADM file to set a policy that disables that ... The command bar id for Edit> Edit Message is 5604. ... Once you get the ADM file loaded into the Group Policy editor, ...
(microsoft.public.outlook.general)
Re: Disable "edit message" in outlook 2003
... you can use the OUTLK11.ADM file to set a policy that disables that ... The command bar id for Edit> Edit Message is 5604. ... Once you get the ADM file loaded into the Group Policy editor, ...
(microsoft.public.outlook)
Re: Siemens *35 and 45 series phones SMS Danial of Service
... > languages from the phone language selection menu, ... > completely disable *35 series phones and result ... Please note that this vulnerability isn't as serious as you describe it. ... 'edit message' instead of 'read message', and it can be deleted without ...
(Bugtraq)