APP: Now SMS/MMS Gateway Overflow
This signature detects attempts to exploit a known vulnerability against Now Wireless Now SMS/MMS Gateway. Attackers can execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application. This signature is based of the public PoC available in Metasploit Exploit Framework.
Extended Description
Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.
Affected Products
Now sms_mms_gateway
Short Name
APP:NOW-SMS-OF-MSF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2008-0871 Gateway Now Overflow SMS/MMS bid:27896
Release Date
03/29/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Now
CVSS Score
6.8