Re: Siemens *35 and 45 series phones SMS Denial of Service

From: Robert Waldner (rwat_private)
Date: Tue Mar 04 2003 - 00:53:33 PST


    On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
    >On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
    >>  Subject to the vulnerability are: all versions of Siemens *35 and *45.
    >[...]
    >>  languages from the phone language selection menu, will
    >>  completely disable *35 series phones and result
    >>  in a 2 minute read delay on *45 series phones. Note that
    
    >Please note that this vulnerability isn't as serious as you describe it.
    >At least on my S45, I am able to interrupt this 2 minute delay at any
    >time by pressing the 'hang up' key (but I have to press it for about half a
    >second instead of just hitting it), the message can be read by using
    >'edit message' instead of 'read message', and it can be deleted without
    >problems.
    >
    >So while this obviously is a bug, it can hardly be called a DoS.
    
    However, my S35i is _completely_ disabled, just as the original poster
    described; no luck with just pressing the "hang up" key, one has to
    yank the battery out. Also, there is no "Edit Message" available until
    after one reads a message, and thus disables the phone.
    
    Please also note that if you append something to the "%String", the bug
    no longer hits (for my S35i, that is). Most web->SMS gateways append
    some signature to SMSs and thus, by sheer luck, can't be used to exploit
    this.
    
    cheers,
    &rw
    -- 
    / Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
    \   <rwat_private>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
    This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 12:22:18 PST