SMS Server Tools Arbitrary Command Execution Vulnerability

SMS Server Tools is a software package designed to interface with SMS enabled modems, and may send and recieve text messages. SMS Server Tools was designed for Linux and Unix based systems.

A vulnerability has been announced in some versions of SMS Server Tools. This is an issue if input is supplied containing the following special character: '. It may be possible to use this character to execute arbitrary commands through the SMS Server Tools process.

Earlier versions of SMS Server Tools may share this vulnerability. This has not been confirmed.


 

Privacy Statement
Copyright 2010, SecurityFocus