Vendor: Pantech (http://www.pantechusa.com)
Product: Link P7040P, others may be vulnerable
Version affected: JLUS040201 confirmed, others may be vulnerable
Product description:
The Pantech Link is a mobile phone supporting a 2.4" LCD screen and full
keyboard that facilitates simple text messaging.
Credit: Paul Kehrer of Trustwave SpiderLabs
Finding: Vulnerability in Pantech Web Browser SSL Implementation
Symptoms of successful attack
One or more of the following:
* Control panel lights are blinking, no response to pushing buttons
* LCD panel displays error message
* LCD panel displays a halted progress bar
* Switching power off from on/off button takes more than 10 seconds
Proof of Concept:
In summary, if the victim visits our evil proof-of-concept webpage,
his/her browser sends an HTTP request to the BT Home Hub's web
interface. After this, the Home Hub starts a VoIP/telephone connection
to the recipient's phone number specified in the exploit page. This is
what the attack looks like: the victim's VoIP telephone starts ringing
and shows an external call message on the LCD screen along with the
recipient's phone number. However, what's interesting is that from the
point of view of the victim, it looks like he/she is receiving a phone
call from the number shown on the screen, but in fact he/she is
calling that number! Sweet, simple and effective, just the way we like
it at GNUCITIZEN!
-----------------
Vendor product information, from www.ab.com :
With online editing and a built-in 10/100 Mbps EtherNet/IP port for
peer-to-peer messaging, the MicroLogix 1100 controller adds greater
connectivity and application coverage to the MicroLogix family of
Allen-Bradley controllers. This next generation controller's built-in LCD
screen displays controller status, I/O status, and simple operator messages;
enables bit and integer manipulation; offers digital trim pot functionality,
and a means to make operating mode changes (Prog / Remote / Run).
With 10 digital inputs, 2 analog inputs and 6 digital outputs, the
MicroLogix 1100 can handle a wide variety of tasks. The MicroLogix 1100
Introduction:
-------------
A malicious user who can send spoofed packets to an IP phone is able to freeze it. A potential victim does not recognize that his IP phone is offline until he tries to use it. Signs which make it obvious for the victim that his IP phone is not working are that he does not hear a line peep sound when trying to make a call or that the LCD display is not updated.
The attack uses valid UNIStim "Mute / UnMute" messages which are sent to the IP phone with a spoofed server source address.
Nortel has noted this as:
Title: Potential DoS Vulnerability - IP Phone Freeze to Offline State
denial-of-service condition requires
power cycling the device. Due to the black box nature of this Proof of
concept attack, we are unable to know if remote code execution is possible.
On the LCD screen we can see this message:
System Fault: (ubEmulationLen <= Longest_Lang_Length) && The result of
strlen() is invalid
file PJL_Misc.c, line 174, task PJL
* Short biography and qualification
* Speaking experience
* Do you need or have a visa to come to Brazil?
* Summary or abstract for your presentation
* Is it a 30 minute or a 15 minute talk?
* Technical requirements (other than LCD projector)
* Other publications or conferences where this material has been or
will be published/submitted.
We do accept submissions in English, Portuguese or Spanish.
1. A vulnerability exists in the web management interface of the Dlink DPH 150SE that allows an unauthenticated user to obtain the device configuration file with all the settings, including the administrator's password. To exploit the vulnerability, an attacker has to set up a TFTP/FTP server to receive the configuration file.
2. A vulnerability exists in the web management interface of the Dlink DPH 150SE that allows an unauthenticated user to upload a configuration file to the device.
3. A vulnerability exists in the web management interface of the Dlink DPH 150SE that allows an unauthenticated user to modify the message shown on the device LCD display.
4. A vulnerability exists in the web management interface of the Dlink DPH 150SE that allows an unauthenticated user to reboot the device, causing temporary/permanent denial of service.
--[ How to fix ]
VERY IMPORTANT DATES
decoding of keystrokes of Microsoft 27 MHz based keyboards.
Extensions
Hardware extensions are easy to realize because two different
interfaces, a second USART, I²C/TWI and SPI, are externalized.
Therefore so-called Backpacks, e.g. an LCD display controller, can be
connected using the USART interface.
The Future
Future extensions include amplification for antennas, support of other