Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1367


Vulnerability Score 6.8 6.8
CVE Id CVE-2006-1367
Last Modified 20 Jun 2011 12:00:00
Published 23 Mar 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.

Vulnerable Systems


XF - motorola-peblu6-v600-name-spoofing(25402)

VUPEN - ADV-2006-1045

BID - 17190

BUGTRAQ - 20060321 DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'

MISC -[2006-0321a].txt

SECUNIA - 19319

Last Updated: 27 May 2016 10:42:02