Vulnerability Details CVE-2006-0212
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
- http://marc.info/?l=full-disclosure&m=113712413907526&w=2
- http://secunia.com/advisories/18437
- http://securitytracker.com/id?1015486
- http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
- http://www.osvdb.org/22380
- http://www.securityfocus.com/archive/1/421993/100/0/threaded
- http://www.securityfocus.com/bid/16236
- http://www.vupen.com/english/advisories/2006/0184
- http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
- http://marc.info/?l=full-disclosure&m=113712413907526&w=2
- http://secunia.com/advisories/18437
- http://securitytracker.com/id?1015486
- http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
- http://www.osvdb.org/22380
- http://www.securityfocus.com/archive/1/421993/100/0/threaded
- http://www.securityfocus.com/bid/16236
- http://www.vupen.com/english/advisories/2006/0184
Products affected by CVE-2006-0212
-
cpe:2.3:a:toshiba:bluetooth_stack:*
-
cpe:2.3:a:toshiba:bluetooth_stack:3.00.11
-
cpe:2.3:a:toshiba:bluetooth_stack:3.00.12
-
cpe:2.3:a:toshiba:bluetooth_stack:3.00.31a
-
cpe:2.3:a:toshiba:bluetooth_stack:3.00.32
-
cpe:2.3:a:toshiba:bluetooth_stack:3.01.03
-
cpe:2.3:a:toshiba:bluetooth_stack:3.10.00
-
cpe:2.3:a:toshiba:bluetooth_stack:3.20.00
-
cpe:2.3:a:toshiba:bluetooth_stack:3.20.01
-
cpe:2.3:a:toshiba:bluetooth_stack:3.20.02
-
cpe:2.3:a:toshiba:bluetooth_stack:3.20.04
-
cpe:2.3:a:toshiba:bluetooth_stack:4.00.01t
-
cpe:2.3:a:toshiba:bluetooth_stack:4.00.11