On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
>On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
>> To vulnerability are subject: All versions siemens *35 and *45.
>[...]
>> languages from the phone language selection menu, will
>> completely disable *35 series phones and result
>> in a 2 minute read delay on *45 series phones. Note that

>Please note that this vulnerability isn't as serious as you describe it.
>At least on my S45, I am able to interrupt this 2 minute delay at any
>time by pressing the 'hang up' key (but I have to press it for about half a
>second instead of just hitting it), the message can be read by using
>'edit message' instead of 'read message', and it can be deleted without
>problems.
>
>So while this obviously is a bug, it can hardly be called a DoS.

However, my S35i is _completely_ disabled, just as the original poster
described, no luck with just pressing the "hang up"-key, one has to
yank the battery out. Also, there is no "Edit Message" available until
after one reads a message, and thus disables the phone.

Please also note that if you append something to the "%String", the bug
no longer hits (for my S35i, that is). Most web->sms - gateways append
some signature to SMSs, and thus, by sheer luck, can't be used to exploit
this.

cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ <rw (at) coretec (dot) at [email concealed]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /

[ reply ]