nanog mailing list archives
Re: Fwd: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks
From: Marcin Cieslak <saper () saper info>
Date: Wed, 20 Jul 2016 00:16:28 +0000
On Tue, 19 Jul 2016, Jay R. Ashworth wrote:
Heap overflow bug in either a widely used ASN.1 library from Objective Systems, apparently popular with cell-radio industry people. Not sure if this will leak over into NANOG land -- but neither are you, and that's most of my point. DO *you* know if this library is used in your routers? Can you find out? How easily and quickly?
CERT/CC has published a list of contacted vendors: http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=790839&SearchOrder=4
From the timeline:
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080#8-report-timeline
it is not clear if all vendors have been contacted.

Wonder how to grep for rtxMemHeapAlloc in the possibly encrypted baseband module firmware.

Marcin
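For the inventory question raised in this message, here is an added example (not part of the original post or of any vendor tooling) that searches a firmware image for the rtxMemHeapAlloc name and, when it is absent, uses per-block entropy to tell a readable image from one that is probably encrypted or compressed, where a string search proves nothing. The block size, the entropy cut-off and the sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SYMBOL = b"rtxMemHeapAlloc"  # allocator name quoted in the post
BLOCK = 4096                 # assumed block size for the entropy scan
LIMIT = 7.5                  # assumed bits/byte above which a block looks encrypted or compressed

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def find_symbol(blob: bytes, symbol: bytes = SYMBOL) -> list:
    """Offsets where the symbol occurs as ASCII or UTF-16LE text."""
    hits = []
    for needle in (symbol, symbol.decode("ascii").encode("utf-16-le")):
        pos = blob.find(needle)
        while pos != -1:
            hits.append(pos)
            pos = blob.find(needle, pos + 1)
    return sorted(hits)

def opaque_fraction(blob: bytes) -> float:
    """Share of blocks whose entropy exceeds LIMIT."""
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    return sum(entropy(b) > LIMIT for b in blocks) / len(blocks) if blocks else 0.0

def triage(blob: bytes) -> str:
    if find_symbol(blob):
        return "present"
    # Mostly high-entropy image: the string search cannot see inside it.
    if opaque_fraction(blob) > 0.5:
        return "inconclusive"
    # Readable image without the name; a stripped static link would look the same.
    return "not-found"

# Constructed sample images (not real firmware).
PLAIN = b"\x7fELF" + b"\x00" * 5000 + SYMBOL + b"\x00" * 100
OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
CLEAN = b"bootloader build strings\n" * 1000

if __name__ == "__main__":
    for name, img in (("plain", PLAIN), ("opaque", OPAQUE), ("clean", CLEAN)):
        print(name, triage(img), find_symbol(img)[:3], round(opaque_fraction(img), 2))
```

Only "present" is a definite answer: "inconclusive" and "not-found" both still call for asking the vendor, since an encrypted image or a stripped static link hides the name.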