Sony Ericsson K530i input validation vulnerability

Vulnerability ID: 1183857; Vulnerability type: Input validation
Published: 2009-02-03; Updated: 2009-02-03
CVE ID: CVE-2009-0396; CNNVD-ID: CNNVD-200902-043
Affected platform: N/A; CVSS score: 7.8
|Vulnerability source
https://cxsecurity.com/issue/WLB-2009010069
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-043
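|Vulnerability details
Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i and K530i phones allow remote attackers to cause a denial of service (device reboot or hang) via a malformed WAP Push packet sent to (1) SMS or (2) UDP port 2948.
|Vulnerability EXP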
Security Advisory

MSL-2008-001 - SonyEricsson WAP Push Denial of Service



Advisory Information
--------------------
Title:
SonyEricsson WAP Push Denial of Service

Advisory ID:
MSL-2008-001

Advisory URL:
http://www.mseclab.com/index.php?page_id=123

Published:
2009-01-26

Updated:
2009-01-26

Vendor:
SonyEricsson

Platforms:
Multiple


Vulnerability Details
---------------------
Class:
Denial of Service

Remote:
Yes

Local:
No

Public References:
Not Assigned

Affected:
Multiple devices.

Successfully tested on:

W910i
W660i
K618i
K610i
Z610i
K810i
K660i
W880i
K530i

Other devices based on the same (or earlier) platform are likely to be
vulnerable.

Not Affected:
More recent devices may not be vulnerable.

Description:
A malformed WAP Push packet is able to remotely reboot the handset and,
in some cases, completely hang it.

If the handset hangs, battery removal is needed in order to restore
normal functionality.
By sending multiple malformed packets via SMS, an attacker may be able to
reboot the handset multiple times, effectively performing an extended
denial of service.

The attack can also be performed over an IP bearer using UDP port 2948.
In this case a single malformed broadcast packet can be used to attack
and disable a large number of devices, leading to a much heavier impact.

Solutions & Workaround:
Not available


Additional Information
----------------------

Vulnerability Status:
The issue has been reported to SonyEricsson.

Mobile Security Lab is aware that the problem has been identified: some
models, more recent than the ones listed in this advisory, have been
found not to be vulnerable.
Further details are not currently available to Mobile Security Lab.

Vendor Statement:
None
|References

Source: SECTRACK
Name: 1021634
Link: http://www.securitytracker.com/id?1021634
Source: BID
Name: 33433
Link: http://www.securityfocus.com/bid/33433
Source: BUGTRAQ
Name: 20090126 SonyEricsson WAP Push Denial of Service
Link: http://www.securityfocus.com/archive/1/archive/1/500382/100/0/threaded
Source: MISC
Link: http://www.mseclab.com/index.php?page_id=123
Source: SECUNIA
Name: 33616
Link: http://secunia.com/advisories/33616