
PocketPC

Access violation and limited information disclosure in webcamXP 3.72.440.0

======
2) Bug
======


The pocketpc and show_gallery_pic URIs are used by external users
to view the images of the current webcams.
The problem is that there are no checks on the webcam number passed
by the client, allowing an attacker to go outside the array which
contains all the data about each webcam.


SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue

                     Symantec Vulnerability Research
                     http://www.symantec.com/research
                           Security Advisory

   Advisory ID: SYMSA-2007-011
Advisory Title: Microsoft Windows Mobile 5 PocketPC Phone Edition
                SMS Handler Issue With Regard to Malformed WAP Push
                Messages Hiding Source
        Author: Ollie Whitehouse / ollie_whitehouse@symantec.com
  Release Date: 17-10-2007
   Application: Microsoft Windows Mobile 5 PocketPC

Minimo .2 and more Firefox 2.0.0.6 Password Manager Vulnerabilities

Minimo <=.2 and Firefox 2.0.0.6

http://airscanner.com/security/07080103_minimo.2.htm

Platform:
Tested on Minimo .016 and .2 Windows Mobile Pocket PC 2005 and Firefox 
2.0.0.6 Windows XP SP2

Requirements:
Mobile device running Windows Mobile Pocket PC or Firefox 2.0.0.6 on XP


xcon2009 is coming

      - Traffic analysis

   --- Wireless & VoIP security
      - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
      - PDA & mobile protocol analysis
      - Palm, Pocket Pc
      - Wireless gateway
      - VoIP security & vulnerability analysis
      - WLANs hardening & vulnerability analysis

   ---P2P technique

Re: XCon 2008 Call for Paper

>>       - Intrusion detection and anti-detection technique
>>
>>    --- Wireless & VoIP security
>>       - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
>>       - PDA & mobile protocol analysis
>>       - Palm, Pocket Pc
>>       - Wireless gateway
>>       - VoIP security & vulnerability analysis
>>       - WLANs hardening & vulnerability analysis
>>
>>    ---P2P technique

XCon 2010 XFocus Information Security Conference Call for Paper

      - Traffic analysis

   --- Wireless & VoIP security
      - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
      - PDA & mobile protocol analysis
      - Palm, Pocket Pc
      - Wireless gateway
      - VoIP security & vulnerability analysis
      - WLANs hardening & vulnerability analysis

   ---P2P technique

Re: XCon 2008 Call for Paper

>       - Intrusion detection and anti-detection technique
>
>    --- Wireless & VoIP security
>       - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
>       - PDA & mobile protocol analysis
>       - Palm, Pocket Pc
>       - Wireless gateway
>       - VoIP security & vulnerability analysis
>       - WLANs hardening & vulnerability analysis
>
>    ---P2P technique

The XCon2010 is coming

      - Traffic analysis

   --- Wireless & VoIP security
      - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
      - PDA & mobile protocol analysis
      - Palm, Pocket Pc
      - Wireless gateway
      - VoIP security & vulnerability analysis
      - WLANs hardening & vulnerability analysis

   ---P2P technique

XCon 2008 Call for Paper

      - Intrusion detection and anti-detection technique

   --- Wireless & VoIP security
      - 802.11x, CDPD, Bluetooth, WAP/TDMA, GSM, SMS
      - PDA & mobile protocol analysis
      - Palm, Pocket Pc
      - Wireless gateway
      - VoIP security & vulnerability analysis
      - WLANs hardening & vulnerability analysis

   ---P2P technique

SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service

  condition exists with the Microsoft IP stack wherein a specially
  crafted IGMP packet causes a denial of service condition. In
  Microsoft's original advisory, Windows CE was omitted as a
  vulnerable platform; however, in Symantec's testing it was
  discovered that Windows CE 5.01 (shipped as part of the Windows
  Mobile 5 PocketPC and SmartPhone editions) is vulnerable. Symantec
  notified Microsoft in February 2006 of the fact that CE was
  affected, with Microsoft releasing a patch in KB930642 in
  February 2007.



CORE-2007-1106: SynCE Remote Command Injection

CVE Name: N/A

*Vulnerability Description*

SynCE is an open source project, whose objective is to provide a way of
communicating with a Windows CE or Pocket PC device, from a computer
running Linux, *BSD or other unices. For more information see
http://www.synce.org/

The vdccm daemon (part of the SynCE package) is vulnerable to a remote
command injection, which can be exploited by malicious remote attackers.

Microsoft Bluetooth Stack OBEX Directory Traversal

Title: Microsoft Bluetooth Stack OBEX Directory Traversal
Author: Alberto Moreno Tablado
Vendor: Microsoft
Product: Windows Mobile 6 Professional (Probably Windows Mobile 5.0 for Pocket PC and Windows Mobile 5.0 for Pocket PC Phone Edition)
References: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html

Description:
Most Windows Mobile 5.0 & 6 devices are shipped with the Microsoft Bluetooth stack; only a few of them use others, such as the Widcomm Bluetooth stack. Among all the Bluetooth services that may be implemented in the stack, OBEX FTP is the most common service.

The OBEX FTP Bluetooth service can be used to share files through Bluetooth, not only by sending files but also by allowing remote devices to browse local shared folders and download files. Usually, the service is configured so that a specific directory is shared, and the user can place there all the files he would like to share with other people. The default directory is My Device\My Documents\Bluetooth Share. A different directory may be selected by the user; however, the Bluetooth wizard usually doesn't allow specifying any directory in the filesystem outside the My Device\My Documents\ or Memory Card\My Documents\ paths. This is for safety reasons, so the user can't expose sensitive files or information through Bluetooth.



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.