Re: Siemens *35 and 45 series phones SMS Danial of Service

From: Robert Waldner (rw@coretec.at)
Date: 03/04/03

  • Next message: OpenPKG: "[OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)"
    To: bugtraq@securityfocus.com
    From: Robert Waldner <rw@coretec.at>
    Date: Tue, 04 Mar 2003 09:53:33 +0100
    
    
    

    On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
    >On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
    >> To vulnerability are subject: All versions siemens *35 and *45.
    >[...]
    >> languages from the phone language selection menu, will
    >> completely disable *35 series phones and result
    >> in a 2 minute read delay on *45 series phones. Note that

    >Please note that this vulnerability isn't as serious as you describe it.
    >At least on my S45, I am able to interrupt this 2 minute delay at any
    >time by pressing the 'hang up' key (but I have to press it for about half a
    >second instead of just hitting it), the message can be read by using
    >'edit message' instead of 'read message', and it can be deleted without
    >problems.
    >
    >So while this obviously is a bug, it can hardly be called a DoS.

    However, my S35i is _completely_ disabled, just as the original poster
     described, no luck with just pressing the "hang up"-key, one has to
     yank the battery out. Also, there is no "Edit Message" available until
     after one reads a message, and thus disables the phone.

    Please also note that if you append something to the "%String", the bug
     no longer hits (for my S35i, that is). Most web->sms - gateways append
     some signature to SMSs, and thus, by sheer luck, can't be used to exploit
     this.

    cheers,
    &rw

    -- 
    / Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
    \   <rw@coretec.at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
    
    



  • Next message: OpenPKG: "[OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)"

    Relevant Pages

    • Re: Disable "edit message" in outlook 2003
      ... you can use the OUTLK11.ADM file to set a policy that disables that ... The command bar id for Edit> Edit Message is 5604. ... Once you get the ADM file loaded into the Group Policy editor, ...
      (microsoft.public.outlook.general)
    • Re: Disable "edit message" in outlook 2003
      ... you can use the OUTLK11.ADM file to set a policy that disables that ... The command bar id for Edit> Edit Message is 5604. ... Once you get the ADM file loaded into the Group Policy editor, ...
      (microsoft.public.outlook)
    • Re: Siemens *35 and 45 series phones SMS Danial of Service
      ... > languages from the phone language selection menu, ... > completely disable *35 series phones and result ... Please note that this vulnerability isn't as serious as you describe it. ... 'edit message' instead of 'read message', and it can be deleted without ...
      (Bugtraq)