CVE-2006-0212

Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
http://marc.info/?l=full-disclosure&m=113712413907526&w=2
http://secunia.com/advisories/18437	Vendor Advisory
http://securitytracker.com/id?1015486
http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt	Exploit Vendor Advisory
http://www.osvdb.org/22380
http://www.securityfocus.com/archive/1/421993/100/0/threaded
http://www.securityfocus.com/bid/16236
http://www.vupen.com/english/advisories/2006/0184

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:toshiba:bluetooth_stack::::::::
	cpe:2.3:a:toshiba:bluetooth_stack:3.00.11:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.00.12:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.00.31a:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.00.32:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.01.03:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.10.00:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.20.00:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.20.01:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.20.02:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:3.20.04:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:4.00.01t:::::::*
	cpe:2.3:a:toshiba:bluetooth_stack:4.00.11:::::::*

History

No history.

Information

Published : 2006-01-14 01:03

Updated : 2024-02-04 16:52

NVD link : CVE-2006-0212

Mitre link : CVE-2006-0212

CVE.ORG link : CVE-2006-0212

JSON object : View

Products Affected

toshiba

bluetooth_stack

CWE

NVD-CWE-Other

{"id": "CVE-2006-0212", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-01-14T01:03:00.000", "references": [{"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=full-disclosure&m=113712413907526&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18437", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015486", "source": "cve@mitre.org"}, {"url": "http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22380", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/421993/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16236", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0184", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\\\ sequences in the RFILE argument of ussp-push."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en servicios OBEX Push en Toshiba Bluetooth Stack 4.00.23(T) y versiones anteriores permite a atacantes remotos subir archivos arbitrarios a localizaciones remotas arbitrarias especificadas por secuencias .. (punto punto), seg\u00fan lo demostrado por secuencias ..\\\\ en el argumento RFILE de ussp-push."}], "lastModified": "2018-10-19T15:43:13.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31A7DCAC-2DF7-4EB1-B321-A1A331F32ED8", "versionEndIncluding": "4.00.23t"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.00.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0A3CCBE-29F6-4833-9839-0CEAB0C33A2B"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.00.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB969B2-F6B7-48C0-9B4D-EC9F92944CA4"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.00.31a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950ACF9E-0783-42E5-A804-18A9F26E038A"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.00.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8D00C96-6DA5-453F-A7E2-694E0B83D68E"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.01.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A2ACFAD-8406-4478-8D12-F4EC8684728C"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.10.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6160E18A-DE9C-4D0A-A901-BC2BB1CE3F26"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.20.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01049F3C-7EE1-4836-BF9C-C2CFE84A03D7"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.20.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "484C6E65-24BA-4D07-8BD1-71384E63F41D"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.20.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083F6F9A-626B-4F7B-9804-3E97C0D8624F"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:3.20.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F031926C-3138-4D5E-81F4-ED34C95367C2"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:4.00.01t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E31608-3811-491C-9759-6F66D0B4C6E2"}, {"criteria": "cpe:2.3:a:toshiba:bluetooth_stack:4.00.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "611EB66B-01DA-43DE-8DFE-0D6F5AD0657A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}