SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Device (VoIP/Phone/FAX)  >   Nokia Phone Vendors:   Nokia
Nokia 6210 Mobile Phone Format String Flaw in Processing SMS vCards Lets Remote Users Crash the Phone
SecurityTracker Alert ID:  1006168
SecurityTracker URL:  http://securitytracker.com/id/1006168
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Feb 26 2003
Original Entry Date:  Feb 25 2003
Impact:   Denial of service via network
Vendor Confirmed:  Yes  
Version(s): Model 6210; software version 05.27 or above
Description:   A denial of service vulnerability was reported in the Nokia 6210 mobile phone. A remote user can send an SMS message to cause the target user's phone to crash.

@stake reported that there is a format string vulnerability in the phone's processing of multi-part vCards. A remote user can send a specially crafted vCard to potentially cause the phone to crash.

According to the report, when the phone receives a specially malformed vCard via SMS, the phone may crash, requiring the battery to be removed to return the phone to normal operations. Or, the SMS Receiver handler may crash, preventing the reception of any future vCards. Or, according to @stake, the phone may automatically restart. The vendor reportedly indicates that the phone's user interface may be affected when viewing a malicious vCard.

Nokia reportedly states that the flaw will not damage the phone's memory, software, or stored data.

[Editor's note: Regrettably, @stake does not permit us to reproduce their advisory, so we are unable to provide the advisory text in the Source Message. You can reportedly view the advisory at the following location -- however, the web page was not found at the time of this entry: http://www.atstake.com/research/advisories/2003/a022503-1.txt]
Impact:   A remote user can cause a target user's phone to crash or function incorrectly.
Solution:   No solution was available at the time of this entry. The vendor reportedly does not plan to fix this flaw.

@stake recommends that telephone network operators consider deploying SMS proxies to ensure that user-supplied SMS messages are properly formatted.
Vendor URL:  www.nokia.com/nokia/0,,131,00.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  

Message History:   None.

 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC