Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerability

Bugtraq ID:	13347
Class:	Boundary Condition Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 25 2005 12:00AM
Updated:	Apr 25 2005 12:00AM
Credit:	"KF" <[email protected]> is credited with the discovery of this issue.
Vulnerable:	Affix Bluetooth Protocol Stack 3.2 Affix Bluetooth Protocol Stack 3.1.1
Not Vulnerable:

Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerability

A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters.

This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.

Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerability

"KF" <[email protected]> provides the following proof of concept exploits:

• /data/vulnerabilities/exploits/affixBluetoothIndexPoC.c
• /data/vulnerabilities/exploits/affix_poc.c

Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerability

References:

• Affix Project Home Page (Affix)
  
• DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow' ("KF (lists)" )