-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Nokia 6210 DoS SMS Issue Release Date: 02/25/2003 Application: Nokia 6210 Platform: Nokia 6210 Severity: An attacker is able to cause a 6210 to crash Author: Ollie Whitehouse [ollieat_private] Vendor Status: Vendor has supplied attack recovery procedure CVE Candidate: CVE Candidate number applied for Reference: www.atstake.com/research/advisories/2003/a022503-1.txt Overview: Nokia's (http://www.nokia.com) 6210 handset is a cellular ME designed for business users supporting GSM and HSCSD, data services and vCard extensions to SMS. VCards are common attachments used for exchanging address book information between parties which support RFC2426 (http://www.faqs.org/rfcs/rfc2426.html). This includes products from Microsoft, Netscape and Lotus (although these products are not affected by this advisory). There is a vulnerability which allows an attacker to send a malicous vCard to a handset, causing to crash in one of three ways. This is a good example of why all newly introduced product functionality should be reviewed to ensure that no new security vulnerabilities will also be introduced. A cursory souce code audit would find an error of this type. Details: There is a format string vulnerability in the processing of Multi- Part vCards. When the phone receives vCard fields containing many format string characters the phone will crash in one of 3 ways: - SMS Receiver handler will die - Phone will lock up, requiring battery to be removed - Phone will automatically restart Vendor Response: Response to the security advisory "Nokia 6210 DoS SMS Issue" submitted by @stake Inc. in January 2003: Some users of the Nokia 6210 may potentially experience an error when someone deliberately sends a specially created non-standard Business Card-text message to the phone. The error causes the Nokia 6210 to either a) crash b) show corrupted business card with ill-behaving user interface or c) reject the business card and all the following business cards, non-standard or not. Users will recover from the error if they restart the phone by removing the battery. There is no damage caused to the phone memory, software or stored data. The error affects the Nokia 6210 with SW version 05.27 or above. The possibility of this error occuring is very remote, as it is depending on the potential attacker's ability to create and send malformatted Business Cards over the air to the Nokia 6210 mobile phone. In addition it is very simple to deal with the error, as the user only needs to restart the phone by removing the battery and there is no damage caused to the phone memory, software or stored data. Due to these reasons, Nokia currently has no plans to issue a software fix for this error caused by an intentional action of a person. Recommendation: Operators should look to deploy SMS proxies ensuring that all user supplied SMSes are correctly formed and that any malformed SMSes are not recieved by the SMSC. Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE candidate number applied for @stake Vulnerability Reporting Policy: http://www.atstake.com/research/policy/ @stake Advisory Archive: http://www.atstake.com/research/advisories/ PGP Key: http://www.atstake.com/research/pgp_key.asc Copyright 2003 @stake, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPlvf1Ue9kNIfAm4yEQJJBQCfYBoBaANAvASSrX+qdGdDIGRqrJcAniZH NhoPqG0D5SZNV7cuMbzH8671 =uCuv -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Feb 25 2003 - 13:39:35 PST