CVE-2008-5825

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html	Exploit
http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf
http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html
http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf
http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf
http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt	Exploit
http://www.securityfocus.com/bid/30716
https://exchange.xforce.ibmcloud.com/vulnerabilities/44527

Configurations

Configuration 1 (hide)

cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-01-02 19:30

Updated : 2023-12-10 10:51

NVD link : CVE-2008-5825

Mitre link : CVE-2008-5825

CVE.ORG link : CVE-2008-5825

JSON object : View

Products Affected

nokia

6131_nfc

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2008-5825", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-01-02T19:30:01.797", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf", "source": "cve@mitre.org"}, {"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html", "source": "cve@mitre.org"}, {"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf", "source": "cve@mitre.org"}, {"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf", "source": "cve@mitre.org"}, {"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30716", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}, {"lang": "es", "value": "La implementaci\u00f3n del tel\u00e9fono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 no muestra de forma adecuada el registro URI cuando el registro Title contiene una combinaci\u00f3n precisa de los caracteres: espacios, CR (tambi\u00e9n conocidos como \\r), y . (punto), lo que permite a atacantes remotos enga\u00f1ar al usuario a cargar una URI de su elecci\u00f3n a trav\u00e9s de una etiqueta NDEF manipulada, como se demostr\u00f3 en (1) http: URI para sitio web malicioso, (2) un tel\u00e9fono: URI para un n\u00famero de tel\u00e9fono de tasa premium y (3) un SMS: URI que produce una compra de un tono para el m\u00f3vil."}], "lastModified": "2017-08-08T01:33:33.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDFC8440-A930-409A-9235-D1DF479E8C1E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}