
SMS handling OpenSER remote code execution






Synopsis:  SMS handling OpenSER remote code execution
Product:   OpenSER
Version:   <=1.1.0



Issue:
=====
A critical security vulnerability has been found in the OpenSER SMS
handling module. The vulnerable function is the one that reads the
SMS from the SIM memory.


Details:
=======

int fetchsms(struct modem *mdm, int sim, char* pdu)

The use of this function might lead to memory corruption
conditions, and these make remote code execution possible.
The corruption happens when "beginning" is copied to the
function's argument pdu (char*).


Affected Versions
================
OpenSER <= 1.1.0

Solution
========
Proper boundary checking.
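
The fetchsms() prototype above passes pdu as a bare char* with no length, so a bounded copy needs the buffer size handed in by the caller. The following is an added example of such a check, not OpenSER source and not the project's patch; the helper name copy_sms_body, the pdu_size parameter, and the assumed answer layout (one header line followed by the body line) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OpenSER source). Copies the body line of a
 * modem answer into pdu and rejects anything that does not fit in
 * pdu_size bytes, terminating NUL included. Returns the body length,
 * or -1 on bad input or when the body would overflow pdu. */
int copy_sms_body(const char *answer, char *pdu, size_t pdu_size)
{
    const char *beginning;
    size_t len;

    if (answer == NULL || pdu == NULL || pdu_size == 0)
        return -1;
    pdu[0] = '\0';                      /* never leave pdu unterminated */

    /* Assumed layout: one header line, then the body line. */
    beginning = strchr(answer, '\n');
    if (beginning == NULL)
        return -1;
    beginning++;

    /* Body runs up to the next CR/LF or the end of the answer. */
    len = strcspn(beginning, "\r\n");

    /* Boundary check: the length comes from the received message,
     * the limit comes from the caller's buffer. */
    if (len >= pdu_size)
        return -1;

    memcpy(pdu, beginning, len);
    pdu[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample answer, not captured from a real modem. */
    const char *answer = "+CMGR: 0,,6\r\n0791AB\r\nOK\r\n";
    char pdu[16];
    int n = copy_sms_body(answer, pdu, sizeof pdu);

    printf("copied %d bytes: %s\n", n, pdu);
    return 0;
}
```

A caller should treat -1 as a malformed or oversized message and drop it instead of retrying with the same buffer.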


Exploitation
===========
Exploitation might be conducted by preparing a specially 
crafted SMS message.




