SecurityTracker.com Archives - Nokia 6210 Mobile Phone Format String Flaw in Processing SMS vCards Lets Remote Users Crash the Phone

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Device (Phone/FAX) > Nokia Phone

Nokia 6210 Mobile Phone Format String Flaw in Processing SMS vCards Lets Remote Users Crash the Phone

SecurityTracker Alert ID: 1006168

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Updated: Feb 26 2003

Original Entry Date: Feb 25 2003

Impact: Denial of service via network

Vendor Confirmed: Yes

Advisory: @Stake - L0pht

Version(s): Model 6210; software version 05.27 or above

Description: A denial of service vulnerability was reported in the Nokia 6210 mobile phone. A remote user can send an SMS message to cause the target user's phone to crash.

@stake reported that there is a format string vulnerability in the phone's processing of multi-part vCards. A remote user can send a specially crafted vCard to potentially cause the phone to crash.

According to the report, when the phone receives a specially malformed vCard via SMS, the phone may crash, requiring the battery to be removed to return the phone to normal operations. Or, the SMS Receiver handler may crash, preventing the reception of any future vCards. Or, according to @stake, the phone may automatically restart. The vendor reportedly indicates that the phone's user interface may be affected when viewing a malicious vCard.

Nokia reportedly states that the flaw will not damage the phone's memory, software, or stored data.

[Editor's note: Regrettably, @stake does not permit us to reproduce their advisory, so we are unable to provide the advisory text in the Source Message. You can reportedly view the advisory at the following location -- however, the web page was not found at the time of this entry: http://www.atstake.com/research/advisories/2003/a022503-1.tx t]

Impact: A remote user can cause a target user's phone to crash or function incorrectly.

Solution: No solution was available at the time of this entry. The vendor reportedly does not plan to fix this flaw.

@stake recommends that telephone network operators consider deploying SMS proxies to ensure that user-supplied SMS messages are properly formatted.

Vendor URL: www.nokia.com/nokia/0,,131,00.html (Links to External Site)

Cause: Input validation error

Reported By: "@stake Advisories" <advisories@atstake.com>

Message History: None.

Source Message Contents

 

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2002, SecurityGlobal.net LLC