Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

Marcin Cieslak saper at saper.info
Wed Jul 20 00:16:28 UTC 2016


On Tue, 19 Jul 2016, Jay R. Ashworth wrote:

> Heap overflow bug in either a widely used ASN.1 library from Objective Systems,
> apparently popular with cell-radio industry people.  Not sure if this will 
> leak over into NANOG land -- but neither are you, and that's most of my point.
> 
> DO *you* know if this library is used in your routers?  Can you find out?
> 
> How easily and quickly?

CERT/CC has published a list of contacted vendors:

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=790839&SearchOrder=4

From the timeline:

https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080#8-report-timeline

it is not clear if all vendors have been contacted.

Wonder how to grep for rtxMemHeapAlloc in the possibly encrypted
baseband module firmware.


Marcin
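
Added example, not part of the original message or of any vendor's tooling: a firmware image check that looks for the rtxMemHeapAlloc name mentioned above in ASCII and UTF-16LE, and uses byte entropy to flag images where a miss proves nothing because the contents look encrypted or compressed. The function names, the 7.5 bits/byte threshold and the sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SYMBOL = b"rtxMemHeapAlloc"  # function name quoted in the message above

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def find_symbol(image: bytes, symbol: bytes = SYMBOL) -> list:
    """Return sorted (offset, encoding) pairs for each ASCII or UTF-16LE hit."""
    patterns = {"ascii": symbol,
                "utf-16le": symbol.decode("ascii").encode("utf-16le")}
    hits = []
    for name, pat in patterns.items():
        pos = image.find(pat)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(pat, pos + 1)
    return sorted(hits)

def assess(image: bytes, threshold: float = 7.5) -> str:
    """'found', 'opaque' (high entropy, result inconclusive) or 'not-found'.

    'not-found' is still not proof of absence: a stripped binary carries
    no function names at all. The threshold is an assumed cut-off.
    """
    if find_symbol(image):
        return "found"
    if shannon_entropy(image) >= threshold:
        return "opaque"
    return "not-found"

# Constructed sample images (not real firmware).
PLAIN = b"\x7fELF" + b"\x00" * 64 + SYMBOL + b"\x00" * 64
OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                  for i in range(128))  # 4096 pseudo-random bytes
OTHER = b"\x00" * 512 + b"unrelated strings only"

if __name__ == "__main__":
    for label, img in (("plain", PLAIN), ("opaque", OPAQUE), ("other", OTHER)):
        print(label, assess(img), find_symbol(img),
              round(shannon_entropy(img), 2))
```

For real images, read the file with open(path, "rb").read() and pass the bytes to assess().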


