SecurityHome.eu Security vulnerability: openser110-sms.txt

Home / vulnerabilities PDF

openser110-sms.txt
Posted on 29 December 2006
Source : packetstormsecurity.org Link

Synopsis: SMS handling OpenSER remote code executing
Product: OpenSER
Version: <=1.1.0

Issue:
======

A critical security vulnerability has been found in OpenSER SMS
handling module. The vulnerable function should read the SMS
from the SIM-memory.

Details:
========
int fetchsms(struct modem *mdm, int sim, char* pdu)

The usage of this fuction might lead to memory corruption
conditions. Due to memory corruption conditions remote
code execution is possible. It happens when "beginning"
is copied to functions argument PDU (char*).

Affected Versions
=================

OpenSER <= 1.1.0

Solution
=========

Proper boundary checking.

Exploitation
============

Exploitation might be conducted by preparing a specially
crafted SMS message.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20