PT-2008-2489 · Now · Now Sms & Mms Gateway

Heretic2

Published

2008-02-21

Updated

2018-10-15

CVE-2008-0871

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Now SMS/MMS Gateway versions 2007.06.27 and earlier

Description The issue allows remote attackers to execute arbitrary code. This can be achieved via a long password in an Authorization header to the HTTP service or a large packet to the SMPP service.

Recommendations For Now SMS/MMS Gateway versions 2007.06.27 and earlier, consider updating to a version later than 2007.06.27 to resolve the issue. As a temporary workaround, restrict access to the HTTP and SMPP services to minimize the risk of exploitation. Avoid using long passwords in the Authorization header and limit the size of packets to the SMPP service until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-0871

Affected Products

Now Sms & Mms Gateway

PT-2008-2489 · Now · Now Sms & Mms Gateway

CVE-2008-0871

Weakness Enumeration

Related Identifiers

Affected Products

References · 9