[Pkg-telepathy-maintainers] Bug#1078555: ofono: CVE-2024-7537 CVE-2024-7538 CVE-2024-7539 CVE-2024-7540 CVE-2024-7541 CVE-2024-7542 CVE-2024-7543 CVE-2024-7544 CVE-2024-7545 CVE-2024-7546 CVE-2024-7547

Moritz Mühlenhoff jmm at inutil.org
Mon Aug 12 13:33:36 BST 2024


Source: ofono
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for ofono.

CVE-2024-7537[0]:
| oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono.
| Authentication is not required to exploit this vulnerability.  The
| specific flaw exists within the processing of SMS message lists. The
| issue results from the lack of proper validation of user-supplied
| data, which can result in a read past the end of an allocated
| buffer. An attacker can leverage this in conjunction with other
| vulnerabilities to execute arbitrary code in the context of root.
| Was ZDI-CAN-23157.

https://www.zerodayinitiative.com/advisories/ZDI-24-1077/

CVE-2024-7538[1]:
| oFono CUSD AT Command Stack-based Buffer Overflow Code Execution
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability.  The specific flaw exists
| within the parsing of responses from AT Commands. The issue results
| from the lack of proper validation of the length of user-supplied
| data prior to copying it to a stack-based buffer. An attacker can
| leverage this vulnerability to execute code in the context of root.
| Was ZDI-CAN-23190.

https://www.zerodayinitiative.com/advisories/ZDI-24-1078/

CVE-2024-7539[2]:
| oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
| This vulnerability allows local attackers to execute arbitrary code
| on affected installations of oFono. An attacker must first obtain
| the ability to execute code on the target modem in order to exploit
| this vulnerability.  The specific flaw exists within the parsing of
| responses from AT+CUSD commands. The issue results from the lack of
| proper validation of the length of user-supplied data prior to
| copying it to a stack-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of root. Was
| ZDI-CAN-23195.

https://www.zerodayinitiative.com/advisories/ZDI-24-1079/

CVE-2024-7540[3]:
| oFono AT CMGL Command Uninitialized Variable Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono. An
| attacker must first obtain the ability to execute code on the target
| modem in order to exploit this vulnerability.  The specific flaw
| exists within the parsing of responses from AT+CMGL commands. The
| issue results from the lack of proper initialization of memory prior
| to accessing it. An attacker can leverage this in conjunction with
| other vulnerabilities to execute arbitrary code in the context of
| root. Was ZDI-CAN-23307.

https://www.zerodayinitiative.com/advisories/ZDI-24-1080/

CVE-2024-7541[4]:
| oFono AT CMT Command Uninitialized Variable Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono. An
| attacker must first obtain the ability to execute code on the target
| modem in order to exploit this vulnerability.  The specific flaw
| exists within the parsing of responses from AT+CMT commands. The
| issue results from the lack of proper initialization of memory prior
| to accessing it. An attacker can leverage this in conjunction with
| other vulnerabilities to execute arbitrary code in the context of
| root. Was ZDI-CAN-23308.

https://www.zerodayinitiative.com/advisories/ZDI-24-1081/

CVE-2024-7542[5]:
| oFono AT CMGR Command Uninitialized Variable Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono. An
| attacker must first obtain the ability to execute code on the target
| modem in order to exploit this vulnerability.  The specific flaw
| exists within the parsing of responses from AT+CMGR commands. The
| issue results from the lack of proper initialization of memory prior
| to accessing it. An attacker can leverage this in conjunction with
| other vulnerabilities to execute arbitrary code in the context of
| root. Was ZDI-CAN-23309.

https://www.zerodayinitiative.com/advisories/ZDI-24-1082/

CVE-2024-7543[6]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability.  The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23456.

https://www.zerodayinitiative.com/advisories/ZDI-24-1083/

CVE-2024-7544[7]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability.  The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23457.

https://www.zerodayinitiative.com/advisories/ZDI-24-1084/

CVE-2024-7545[8]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability.  The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23458.

https://www.zerodayinitiative.com/advisories/ZDI-24-1085/

CVE-2024-7546[9]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability.  The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23459.

https://www.zerodayinitiative.com/advisories/ZDI-24-1086/

CVE-2024-7547[10]:
| oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability.  The specific flaw exists
| within the parsing of SMS PDUs. The issue results from the lack of
| proper validation of the length of user-supplied data prior to
| copying it to a stack-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23460.

https://www.zerodayinitiative.com/advisories/ZDI-24-1087/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-7537
    https://www.cve.org/CVERecord?id=CVE-2024-7537
[1] https://security-tracker.debian.org/tracker/CVE-2024-7538
    https://www.cve.org/CVERecord?id=CVE-2024-7538
[2] https://security-tracker.debian.org/tracker/CVE-2024-7539
    https://www.cve.org/CVERecord?id=CVE-2024-7539
[3] https://security-tracker.debian.org/tracker/CVE-2024-7540
    https://www.cve.org/CVERecord?id=CVE-2024-7540
[4] https://security-tracker.debian.org/tracker/CVE-2024-7541
    https://www.cve.org/CVERecord?id=CVE-2024-7541
[5] https://security-tracker.debian.org/tracker/CVE-2024-7542
    https://www.cve.org/CVERecord?id=CVE-2024-7542
[6] https://security-tracker.debian.org/tracker/CVE-2024-7543
    https://www.cve.org/CVERecord?id=CVE-2024-7543
[7] https://security-tracker.debian.org/tracker/CVE-2024-7544
    https://www.cve.org/CVERecord?id=CVE-2024-7544
[8] https://security-tracker.debian.org/tracker/CVE-2024-7545
    https://www.cve.org/CVERecord?id=CVE-2024-7545
[9] https://security-tracker.debian.org/tracker/CVE-2024-7546
    https://www.cve.org/CVERecord?id=CVE-2024-7546
[10] https://security-tracker.debian.org/tracker/CVE-2024-7547
    https://www.cve.org/CVERecord?id=CVE-2024-7547

Please adjust the affected versions in the BTS as needed.


