JVN#83907168
Multiple KYOCERA mobile devices may reboot during email reception
Overview
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format.
Products Affected
- AH-K3001V
- AH-K3002V
- WX300K
- WX310K
- WX320K
- WX320KR
Description
Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email.
Impact
When receiving an invalid email, the device will always reboot, therefore emails cannot be received.
Solution
Delete the corresponding invalid email
By deleting the invalid email, the device can be recovered from the rebooting issue. In addition, emails will be received normally.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2012.11.30
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Masashi Shimizu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2012-5174 |
| JVN iPedia |
JVNDB-2012-000105 |