Affix btftp Client OBEX File Share Filename Overflow

2005-07-12T10:29:55
ID OSVDB:17852
Type osvdb
Reporter Kevin Finisterre(kf@digitalmunition.com)
Modified 2005-07-12T10:29:55

Description

Vulnerability Description

A remote overflow exists in Affix bluetooth btftp client. The Affix bluetooth btftp client fails to handle long filenames resulting in a buffer overflow. With a specially crafted filename, an attacker can cause arbitrary code execution on the client resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Carlos Chinea has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Affix bluetooth btftp client. The Affix bluetooth btftp client fails to handle long filenames resulting in a buffer overflow. With a specially crafted filename, an attacker can cause arbitrary code execution on the client resulting in a loss of integrity.

References:

Vendor URL: http://affix.sourceforge.net/ Vendor URL: http://www-nrc.nokia.com/affix/ Secunia Advisory ID:15988 Secunia Advisory ID:16122 Secunia Advisory ID:16413 Related OSVDB ID: 17853 Other Advisory URL: http://www.debian.org/security/2005/dsa-773 Other Advisory URL: http://www.digitalmunition.com/DMA[2005-0712a].txt Other Advisory URL: http://www.debian.org/security/2005/dsa-762 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0220.html Keyword: bluetooth Keyword: nokia CVE-2005-2250