Published:2013/08/07 Last Updated:2013/08/07
JVN#44035194
docomo overseas usage application vulnerability in the connection process
Overview
docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points.
Products Affected
- docomo overseas usage application Ver2.0.0 through Ver2.0.4
Description
docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.
Impact
When connecting to a Wi-Fi access point, an attacker may obtain user information.
Solution
Apply an update
Update to the latest version according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.08.07
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | must be attacked from a local segment, such as Ethernet, Bluetooth, and 802.11 attacks |
|
| Authentication | anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-3659 |
| JVN iPedia |
JVNDB-2013-000075 |