Siemens S55 SMS Send Prompt Bypass Weakness

2004-04-27T17:47:07
ID OSVDB:5703
Type osvdb
Reporter FtR(ftr@phenoelit.de), FX(fx@phenoelit.de)
Modified 2004-04-27T17:47:07

Description

Vulnerability Description

Siemens S55 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious application is executed, which could trick the user into unknowingly confirmimg an SMS message prompt, granting the application the ability to send arbitrary messages.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Siemens S55 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious application is executed, which could trick the user into unknowingly confirmimg an SMS message prompt, granting the application the ability to send arbitrary messages.

References:

Security Tracker: 1009959 Secunia Advisory ID:11492 Other Advisory URL: http://lists.netsys.com/pipermail/full-disclosure/2004-April/020557.html Generic Informational URL: http://lists.netsys.com/pipermail/full-disclosure/2004-April/020661.html CVE-2004-2626 Bugtraq ID: 10227