TimbuktuってMotorolaが買ってたのね・・・昔はよく使ったなぁ。システム権限を取得できる脆弱性が存在するそうです。

II. DESCRIPTION

Remote exploitation of multiple buffer overflow vulnerabilities within Motorola Inc.'s Timbuktu allows attackers to crash the service or potentially execute arbitrary code with SYSTEM privileges.

The first issue exists within the handling of malformed application level protocol requests. Certain requests lead to an arbitrary length overflow of a buffer located on the heap.

The second vulnerability exists within the processing of log in requests. By specifying an overly long user name, it is possible to cause heap corruption.

The third vulnerability specifically exists within the "Scanner" functionally. By running a malicious socket server on TCP port 407, an attacker is able to cause a buffer overflow with a malformed "HELLO" response packet.