CVE-2008-5825 - OpenCVE

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nokia	6131 Nfc

Configuration 1 [-]

cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html
http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf
http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html
http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf
http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf
http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt
http://www.securityfocus.com/bid/30716
https://exchange.xforce.ibmcloud.com/vulnerabilities/44527

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-02T19:00:00

Updated: 2024-08-07T11:04:44.699Z

Reserved: 2009-01-02T00:00:00

Link: CVE-2008-5825

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-02T19:30:01.797

Modified: 2017-08-08T01:33:33.827

Link: CVE-2008-5825

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-29T00:00:00", "descriptions": [{"lang": "en", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"name": "30716", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30716"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"name": "nokia-6131-ndef-uri-spoofing(44527)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5825", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf", "refsource": "MISC", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"name": "30716", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30716"}, {"name": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt", "refsource": "MISC", "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf", "refsource": "MISC", "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html", "refsource": "MISC", "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"name": "nokia-6131-ndef-uri-spoofing(44527)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf", "refsource": "MISC", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.699Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"name": "30716", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30716"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"name": "nokia-6131-ndef-uri-spoofing(44527)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5825", "datePublished": "2009-01-02T19:00:00", "dateReserved": "2009-01-02T00:00:00", "dateUpdated": "2024-08-07T11:04:44.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*", "matchCriteriaId": "EDFC8440-A930-409A-9235-D1DF479E8C1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}, {"lang": "es", "value": "La implementaci\u00f3n del tel\u00e9fono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 no muestra de forma adecuada el registro URI cuando el registro Title contiene una combinaci\u00f3n precisa de los caracteres: espacios, CR (tambi\u00e9n conocidos como \\r), y . (punto), lo que permite a atacantes remotos enga\u00f1ar al usuario a cargar una URI de su elecci\u00f3n a trav\u00e9s de una etiqueta NDEF manipulada, como se demostr\u00f3 en (1) http: URI para sitio web malicioso, (2) un tel\u00e9fono: URI para un n\u00famero de tel\u00e9fono de tasa premium y (3) un SMS: URI que produce una compra de un tono para el m\u00f3vil."}], "id": "CVE-2008-5825", "lastModified": "2017-08-08T01:33:33.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-02T19:30:01.797", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}, {"source": "cve@mitre.org", "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"source": "cve@mitre.org", "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"source": "cve@mitre.org", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"source": "cve@mitre.org", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30716"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}