| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | SMS handling OpenSER remote code executing |
| From: | sapheal@hack.pl |
| Date: | Thu, 28 Dec 2006 14:09:00 +0100 |
Synopsis: SMS handling OpenSER remote code executing
Product: OpenSER
Version: <=1.1.0

Issue:
======
A critical security vulnerability has been found in the OpenSER SMS handling module. The vulnerable function is meant to read the SMS from SIM memory.

Details:
========
int fetchsms(struct modem *mdm, int sim, char* pdu)

Using this function can lead to memory corruption, and that memory corruption makes remote code execution possible. The corruption happens when "beginning" is copied to the function's argument PDU (char*).

Affected Versions
=================
OpenSER <= 1.1.0

Solution
=========
Proper boundary checking.

Exploitation
============
Exploitation might be conducted by preparing a specially crafted SMS message.
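The boundary checking the advisory calls for, as an added example (not OpenSER's code and not from the advisory's author): a hypothetical `extract_pdu` helper that takes the destination size explicitly and rejects, rather than truncates, a PDU line that does not fit. The `+CMGR:` answer layout and the sample string are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample modem answer (not captured from a real device). */
static const char SAMPLE_ANSWER[] = "+CMGR: 0,,7\r\n0791ABCDEF\r\n\r\nOK\r\n";

/* Hypothetical helper: copy the PDU line that follows the "+CMGR:" header
 * into pdu, which holds pdu_size bytes. Returns the PDU length, or -1 if
 * the answer is malformed or the PDU does not fit. */
int extract_pdu(const char *answer, char *pdu, size_t pdu_size)
{
    const char *beginning, *end;
    size_t len;

    if (answer == NULL || pdu == NULL || pdu_size == 0)
        return -1;
    pdu[0] = '\0';                      /* never leave stale data on error */

    beginning = strstr(answer, "+CMGR:");
    if (beginning == NULL || (beginning = strchr(beginning, '\n')) == NULL)
        return -1;
    beginning++;                        /* first byte of the PDU line */

    /* The PDU ends at the next CR or LF; a missing terminator is an error. */
    end = beginning + strcspn(beginning, "\r\n");
    if (*end == '\0')
        return -1;
    len = (size_t)(end - beginning);

    /* Boundary check: the PDU plus its NUL must fit in the caller's buffer. */
    if (len == 0 || len >= pdu_size)
        return -1;
    /* A PDU string consists of hex digits only. */
    if (strspn(beginning, "0123456789ABCDEFabcdef") < len)
        return -1;

    memcpy(pdu, beginning, len);
    pdu[len] = '\0';
    return (int)len;
}

int main(void)
{
    char pdu[32];
    int n = extract_pdu(SAMPLE_ANSWER, pdu, sizeof pdu);
    printf("len=%d pdu=%s\n", n, pdu);
    return 0;
}
```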