Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-3146
Last Modified 10 Jun 2011 12:00:00
Published 22 Jun 2006 06:06:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3146

Summary

The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via an L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.

Vulnerable Systems

Application

  • Toshiba Bluetooth Stack 3.00.11

  • Toshiba Bluetooth Stack 3.00.12

  • Toshiba Bluetooth Stack 3.00.31a

  • Toshiba Bluetooth Stack 3.00.32

  • Toshiba Bluetooth Stack 3.01.03

  • Toshiba Bluetooth Stack 3.10.00

  • Toshiba Bluetooth Stack 3.20.00

  • Toshiba Bluetooth Stack 3.20.01

  • Toshiba Bluetooth Stack 3.20.02

  • Toshiba Bluetooth Stack 3.20.04

  • Toshiba Bluetooth Stack 4.00.01t

  • Toshiba Bluetooth Stack 4.00.11

  • Toshiba Bluetooth Stack 4.00.23

  • Toshiba Bluetooth Stack 4.00.29


References

SECUNIA - 20657

XF - toshiba-bluetooth-dos(27228)

VUPEN - ADV-2006-2455

BID - 18527

BUGTRAQ - 20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows

OSVDB - 26686

MISC - http://trifinite.org/trifinite_advisory_toshiba.html

MISC - http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html

SECTRACK - 1016345

MISC - http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html

VIM - 20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability

CONFIRM - http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2


Last Updated: 27 May 2016 10:42:54