SMS handling OpenSER remote code executing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SMS handling OpenSER remote code executing
From: sapheal@xxxxxxx
Date: Thu, 28 Dec 2006 14:09:00 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Synopsis:  SMS handling OpenSER remote code executing 
Product:   OpenSER
Version:   <=1.1.0



Issue:
======

A critical security vulnerability has been found in OpenSER SMS
handling module. The vulnerable function should read the SMS 
from the SIM-memory.


Details:
========
int fetchsms(struct modem *mdm, int sim, char* pdu)

The usage of this fuction might lead to memory corruption
conditions. Due to memory corruption conditions remote 
code execution is possible. It happens when "beginning"
is copied to functions argument PDU (char*).


Affected Versions
=================

OpenSER <= 1.1.0

Solution
=========

Proper boundary checking.


Exploitation
============

Exploitation might be conducted by preparing a specially 
crafted SMS message.

Prev by Date: Re: XSS with Vbulletin (new idea !)
Next by Date: Re: XSS - CMS Made Simple v1.0.2
Previous by thread: Re: OpenSER OSP Module remote code execution
Next by thread: Re: SMS handling OpenSER remote code executing
Index(es):
- Date
- Thread