Vulnerabilities > CVE-2006-0212 - Directory Traversal vulnerability in Toshiba Bluetooth Stack Object Push Service File Upload
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.
Vulnerable Configurations
References
- http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
- http://marc.info/?l=full-disclosure&m=113712413907526&w=2
- http://secunia.com/advisories/18437
- http://securitytracker.com/id?1015486
- http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
- http://www.osvdb.org/22380
- http://www.securityfocus.com/archive/1/421993/100/0/threaded
- http://www.securityfocus.com/bid/16236
- http://www.vupen.com/english/advisories/2006/0184