[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

Subject: Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
From: saper at saper.info (Marcin Cieslak)
Date: Wed, 20 Jul 2016 00:16:28 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Tue, 19 Jul 2016, Jay R. Ashworth wrote:

> Heap overflow bug in either a widely used ASN.1 library from Objective Systems,
> apparently popular with cell-radio industry people.  Not sure if this will 
> leak over into NANOG land -- but neither are you, and that's most of my point.
> 
> DO *you* know if this library is used in your routers?  Can you find out?
> 
> How easily and quickly?

CERT/CC has published a list of contacted vendors:

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=790839&SearchOrder=4

>From the timeline:

https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080#8-report-timeline

it is not clear if all vendors have been contacted.

Wonder how to grep for rtxMemHeapAlloc in the possibly encrypted
baseband module firmware.


Marcin

References:
- Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
  - From: jra at baylink.com (Jay R. Ashworth)

Prev by Date: Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
Next by Date: Speedtest.net not accessible in Chrome due to deceptive ads
Previous by thread: Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
Next by thread: Speedtest.net not accessible in Chrome due to deceptive ads
Index(es):
- Date
- Thread