PT-2009-3052 · Sony Ericsson · Sony Ericsson K660I+6

Published: 2009-02-03 · Updated: 2018-10-11 · CVE-2009-0396

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Sony Ericsson W910i
Sony Ericsson W660i
Sony Ericsson K618i
Sony Ericsson K610i
Sony Ericsson Z610i
Sony Ericsson K810i
Sony Ericsson K660i
Sony Ericsson W880i
Sony Ericsson K530i

Description

The issue allows remote attackers to cause a denial of service, resulting in a device reboot or hang-up. This can be achieved by sending a malformed WAP Push packet, either over SMS or to UDP port 2948.

Recommendations

For Sony Ericsson W910i, consider restricting access to UDP port 2948 as a temporary workaround.
For Sony Ericsson W660i, avoid using SMS services until the issue is resolved.
For Sony Ericsson K618i, restrict incoming WAP Push packets to minimize the risk of exploitation.
For Sony Ericsson K610i, consider disabling the SMS functionality until a fix is available.
For Sony Ericsson Z610i, restrict access to UDP port 2948 to prevent denial of service attacks.
For Sony Ericsson K810i, avoid using services that rely on WAP Push packets until the issue is resolved.
For Sony Ericsson K660i, consider implementing firewall rules to block incoming traffic on UDP port 2948.
For Sony Ericsson W880i, restrict incoming SMS traffic to minimize the risk of exploitation.
For Sony Ericsson K530i, consider disabling the WAP Push functionality until a fix is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-0396

Affected Products

Sony Ericsson K530I
Sony Ericsson K610I
Sony Ericsson K618I
Sony Ericsson K660I
Sony Ericsson K810I
Sony Ericsson W880I
Sony Ericsson W910I