Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
Marcin Cieslak
saper at saper.info
Wed Jul 20 00:16:28 UTC 2016
On Tue, 19 Jul 2016, Jay R. Ashworth wrote:
> Heap overflow bug in either a widely used ASN.1 library from Objective Systems,
> apparently popular with cell-radio industry people. Not sure if this will
> leak over into NANOG land -- but neither are you, and that's most of my point.
>
> DO *you* know if this library is used in your routers? Can you find out?
>
> How easily and quickly?
CERT/CC has published a list of contacted vendors:
http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=790839&SearchOrder=4
From the timeline:
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080#8-report-timeline
it is not clear if all vendors have been contacted.
Wonder how to grep for rtxMemHeapAlloc in the possibly encrypted
baseband module firmware.
Marcin
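
An added example, not part of the original message: one way to triage firmware images for the `rtxMemHeapAlloc` string while flagging images that look encrypted or compressed, where a missing hit proves nothing. It assumes the image would retain the function name as ASCII (a stripped binary would not); the window size, entropy threshold and verdict names are hypothetical choices.

```python
import math
import sys
from collections import Counter

SYMBOL = b"rtxMemHeapAlloc"  # function name quoted in the message above
WINDOW = 4096                # bytes per entropy sample (assumed value)
HIGH_ENTROPY = 7.5           # bits per byte; heuristic threshold (assumed value)

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    total = len(chunk)
    return -sum(n / total * math.log2(n / total) for n in Counter(chunk).values())

def find_symbol(blob: bytes, symbol: bytes = SYMBOL) -> list:
    """Return every offset at which the symbol name occurs in the image."""
    offsets, pos = [], blob.find(symbol)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(symbol, pos + 1)
    return offsets

def opaque_fraction(blob: bytes, window: int = WINDOW) -> float:
    """Fraction of windows whose entropy suggests encrypted or compressed data."""
    windows = [blob[i:i + window] for i in range(0, len(blob), window)]
    if not windows:
        return 0.0
    return sum(shannon_entropy(w) >= HIGH_ENTROPY for w in windows) / len(windows)

def triage(blob: bytes) -> dict:
    """Classify one image: a miss only counts if most of the image is readable."""
    hits, opaque = find_symbol(blob), opaque_fraction(blob)
    if hits:
        verdict = "symbol-present"
    elif opaque >= 0.5:
        verdict = "inconclusive-opaque"    # unpack or decrypt before trusting a miss
    else:
        verdict = "no-symbol-in-plaintext"
    return {"hits": hits, "opaque_fraction": opaque, "verdict": verdict}

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = triage(fh.read())
        print(path, result["verdict"], [hex(o) for o in result["hits"]],
              f"opaque={result['opaque_fraction']:.2f}")
```

Run it with one or more firmware image paths as arguments; an "inconclusive-opaque" verdict means the image has to be unpacked or decrypted, or the vendor asked, before a negative result means anything.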