WIDCOMM Bluetooth Communication Software Directory Traversal Vulnerability
BID:13135
Info
| Bugtraq ID: | 13135 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Apr 12 2005 12:00AM |
| Credit: | Kevin Finisterre disclosed this vulnerability. |
| Vulnerable: | WIDCOMM Bluetooth Communication Software 1.4.2 |
| | WIDCOMM Bluetooth Communication Software 1.4.1.03 |
| Not Vulnerable: | WIDCOMM Bluetooth Communication Software 4.0.1.700 |
| | WIDCOMM Bluetooth Communication Software 3.0.1.905 |
Discussion
The WIDCOMM Bluetooth communications software is prone to a directory traversal vulnerability. The application fails to properly sanitize user-supplied input before using it.
Attackers may exploit this vulnerability to gain access to potentially sensitive files, as well as corrupt or destroy data. Other attacks may also be possible.
WIDCOMM BTStackServer for Microsoft Windows version 1.4.2 is reported to be affected by this vulnerability. Other versions are also likely affected.
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Reportedly, this vulnerability is not present in versions 4.0.1.700 and 3.0.1.905 of the Bluetooth communications software. This has not been confirmed by Symantec. No vendor confirmation of this issue, or the fix, is known at this time.
References
References:
- DMA[2005-0412a] - 'Widcomm BTW (Microsoft Windows BT stack) Directory Transversa (Kevin Finisterre)
- Homepage (WIDCOMM)
- Bluetooth dot dot attacks (update) ("KF (lists)")