CVE-2006-0212

Sažetak

Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.

Reference

http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
http://marc.info/?l=full-disclosure&m=113712413907526&w=2
http://secunia.com/advisories/18437
http://securitytracker.com/id?1015486
http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
http://www.osvdb.org/22380
http://www.securityfocus.com/archive/1/421993/100/0/threaded
http://www.securityfocus.com/bid/16236
http://www.vupen.com/english/advisories/2006/0184

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:43

Objavljeno

14-01-2006 - 01:03