Toshiba Bluetooth Stack Traversal Arbitrary File Upload

2006-01-12T08:18:16
ID OSVDB:22380
Type osvdb
Reporter Kevin Finisterre(kf@digitalmunition.com)
Modified 2006-01-12T08:18:16

Description

Vulnerability Description

Toshiba's Bluetooth Stack contains a flaw that allows a remote attacker to upload arbitrary files to the target computers's file system, using 'OBEX Push' calls. The issue is due to the stack not properly sanitizing user input, specifically traversal style attacks (../../) supplied via a client software.

Technical Description

For the attack to work, a user on the target computer has to actively accept the file transfer. In addition, that user needs write access to the target location on the file system. Note that the download location specified by the targeted user is superseded by the target path crafted by the attacker.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Toshiba's Bluetooth Stack contains a flaw that allows a remote attacker to upload arbitrary files to the target computers's file system, using 'OBEX Push' calls. The issue is due to the stack not properly sanitizing user input, specifically traversal style attacks (../../) supplied via a client software.

References:

Vendor URL: http://www.toshiba-tro.de/ Security Tracker: 1015486 Secunia Advisory ID:18437 Other Advisory URL: http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0450.html FrSIRT Advisory: ADV-2006-0184 CVE-2006-0212 Bugtraq ID: 16236