OpenOBEX IRCP Arbitrary File Overwrite Vulnerability

Bugtraq ID:	17921
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 09 2006 12:00AM
Updated:	May 10 2006 07:34PM
Credit:	Jeroen van Wolffelaar <[email protected]> reported this issue to Debian.
Vulnerable:	OpenOBEX OpenOBEX 1.2 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:

OpenOBEX IRCP Arbitrary File Overwrite Vulnerability

OpenOBEX's ircp utility is susceptible to a remote file-overwrite vulnerability. This issue is due to the application's failure to verify the absence of a destination file before creating one during file transfers.

This issue allows remote attackers to overwrite arbitrary files with arbitrary data. This may aid in further attacks.

OpenOBEX version 1.2 is vulnerable to this issue; other versions may also be affected.

OpenOBEX IRCP Arbitrary File Overwrite Vulnerability

To exploit this issue, attackers use standard IrDA OBEX utilities.

OpenOBEX IRCP Arbitrary File Overwrite Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

OpenOBEX IRCP Arbitrary File Overwrite Vulnerability

References:

• Debian Bug report logs - #366484 (Debian)
  
• OpenOBEX Home Page (OpenOBEX)