Heap overflow bug in either a widely used ASN.1 library from Objective Systems, apparently popular with cell-radio industry people. Not sure if this will leak over into NANOG land -- but neither are you, and that's most of my point.
DO *you* know if this library is used in your routers? Can you find out? How easily and quickly?

Cheers,
-- jra

----- Forwarded Message -----
> From: "PRIVACY Forum mailing list" <priv...@vortex.com>
> To: privacy-l...@vortex.com
> Sent: Tuesday, July 19, 2016 7:12:47 PM
> Subject: [ PRIVACY Forum ] Critical bug threatens to bite mobile phones and
> networks

> Critical bug threatens to bite mobile phones and networks
>
> http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/
>
> A newly disclosed vulnerability could allow attackers to seize
> control of mobile phones and key parts of the world's
> telecommunications infrastructure and make it possible to
> eavesdrop or disrupt entire networks, security experts warned
> Tuesday. The bug resides in a code library used in a wide
> range of telecommunication products, including radios in cell
> towers, routers, and switches, as well as the baseband chips
> in individual phones. Although exploiting the heap overflow
> vulnerability would require great skill and resources,
> attackers who managed to succeed would have the ability to
> execute malicious code on virtually all of those devices. The
> code library was developed by Pennsylvania-based Objective
> Systems and is used to implement a telephony standard known as
> ASN.1, short for Abstract Syntax Notation One.
>
> - - -
>
> --Lauren--
> Lauren Weinstein (lau...@vortex.com): http://www.vortex.com/lauren
> Founder:
> - Network Neutrality Squad: http://www.nnsquad.org
> - PRIVACY Forum: http://www.vortex.com/privacy-info
> Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
> Member: ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Google+: http://google.com/+LaurenWeinstein
> Twitter: http://twitter.com/laurenweinstein
> Tel: +1 (818) 225-2800 / Skype: vortex.com
> I have consulted to Google, but I am not currently
> doing so -- my opinions expressed here are mine alone.
> _______________________________________________
> privacy mailing list
> http://lists.vortex.com/mailman/listinfo/privacy

--
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274