CVE-2024-7547
📋 TL;DR
This is a stack-based buffer overflow vulnerability in oFono's SMS PDU decoder that allows local attackers to execute arbitrary code with service account privileges. Attackers need initial code execution capability on the target modem to exploit this flaw. Systems using vulnerable versions of oFono for SMS processing are affected.
💻 Affected Systems
- oFono
📦 What is this software?
oFono by the oFono Project
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via privilege escalation to service account, enabling persistence, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation allowing attackers to gain higher privileges on the affected system, potentially leading to service disruption or further exploitation.
If Mitigated
Contained impact limited to the service account with no lateral movement if proper isolation and least privilege controls are implemented.
🎯 Exploit Status
Requires local access and ability to execute code on the target modem first. The buffer overflow itself is straightforward once initial access is achieved.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory - check oFono repository for latest version
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1087/
Restart Required: Yes
Instructions:
1. Check oFono repository for security updates.
2. Update to the latest patched version.
3. Restart oFono services.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Disable SMS functionality
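Linux: Temporarily disable SMS processing if not required. These commands stop the whole oFono daemon, so every modem function it manages goes down with it, not only SMS.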
systemctl stop ofono
systemctl disable ofono
Implement strict access controls
All platforms: Restrict local access to modem systems and oFono services
🧯 If You Can't Patch
- Implement network segmentation to isolate modem systems from critical infrastructure
- Apply strict least privilege principles to service accounts and monitor for unusual activity
🔍 How to Verify
Check if Vulnerable:
Check oFono version and compare against patched versions in security advisories
Check Version:
ofonod --version 2>/dev/null || dpkg -l | grep ofono || rpm -qa | grep ofono
Verify Fix Applied:
Verify oFono has been updated to a version after the vulnerability disclosure date
📡 Detection & Monitoring
Log Indicators:
- Unusual process spawning from oFono service
- Multiple failed SMS parsing attempts
- Service crashes or restarts
Network Indicators:
- Unusual SMS traffic patterns to modem systems
SIEM Query:
source="ofono.log" AND ("segmentation fault" OR "buffer overflow" OR "SMS decode error")
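For developers auditing similar decoders, the bug class named in the TL;DR (a stack-based buffer overflow in a PDU decoder) is closed by checking a declared length against both the destination buffer and the remaining input before copying. The C code below is an added example, not oFono code or the official patch; the one-octet length field, `struct ud_field`, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMS_MAX_UD_OCTETS 140  /* TP-User-Data limit, 3GPP TS 23.040 */

/* Hypothetical simplified field: one length octet, then that many octets. */
struct ud_field {
    uint8_t len;
    uint8_t data[SMS_MAX_UD_OCTETS];
};

/* Decode the field at pdu[*offset]. Returns 0 on success, -1 when the declared
 * length exceeds the destination buffer or the bytes left in the PDU. */
int decode_ud_field(const uint8_t *pdu, size_t pdu_len, size_t *offset,
                    struct ud_field *out)
{
    size_t pos = *offset;
    uint8_t declared;
    if (pos >= pdu_len)                 /* no length octet present */
        return -1;
    declared = pdu[pos++];
    if (declared > sizeof(out->data))   /* would overflow the destination */
        return -1;
    if (declared > pdu_len - pos)       /* would read past the input */
        return -1;
    memcpy(out->data, pdu + pos, declared);
    out->len = declared;
    *offset = pos + declared;
    return 0;
}

/* Constructed samples: valid, oversized length octet, truncated payload. */
static const uint8_t ok_pdu[]    = { 0x03, 'a', 'b', 'c' };
static const uint8_t big_pdu[]   = { 0xFF, 'a', 'b', 'c' };
static const uint8_t short_pdu[] = { 0x05, 'a', 'b' };

/* Decode into a stack buffer; returns the payload length or -1 if rejected. */
int try_decode(const uint8_t *pdu, size_t n)
{
    struct ud_field f;
    size_t off = 0;
    return decode_ud_field(pdu, n, &off, &f) == 0 ? (int)f.len : -1;
}

int main(void)
{
    return try_decode(ok_pdu, sizeof ok_pdu) == 3 ? 0 : 1;
}
```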