Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0212

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0212
Last Modified 07 Mar 2011 09:29:35
Published 13 Jan 2006 08:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0212

Summary

Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.

Vulnerable Systems

Application

  • Toshiba Bluetooth Stack 3.00.11

  • Toshiba Bluetooth Stack 3.00.12

  • Toshiba Bluetooth Stack 3.00.31a

  • Toshiba Bluetooth Stack 3.00.32

  • Toshiba Bluetooth Stack 3.01.03

  • Toshiba Bluetooth Stack 3.10.00

  • Toshiba Bluetooth Stack 3.20.00

  • Toshiba Bluetooth Stack 3.20.01

  • Toshiba Bluetooth Stack 3.20.02

  • Toshiba Bluetooth Stack 3.20.04

  • Toshiba Bluetooth Stack 4.00.01t

  • Toshiba Bluetooth Stack 4.00.11

  • Toshiba Bluetooth Stack 4.00.23t


References

VUPEN - ADV-2006-0184

BID - 16236

MISC - http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt

SECUNIA - 18437

FULLDISC - 20060113 DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal'

OSVDB - 22380

SECTRACK - 1015486

MISC - http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2


Last Updated: 27 May 2016 10:41:34