ID

VAR-200602-0345


CVE

CVE-2006-0797


TITLE

Nokia N70 L2CAP Packet Remote Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-0965 // CNNVD: CNNVD-200602-292

DESCRIPTION

Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). Nokia N70 is reportedly prone to a remote denial-of-service vulnerability. A successful attack can allow an attacker to corrupt memory and to trigger a denial-of-service condition. Arbitrary code execution may be possible as well, but this has not been confirmed. Nokia model N70 is reported vulnerable to this issue; the specific firmware is currently unknown. This issue is reported to be a seperate issue than 16513 (Nokia N70 Remote Denial of Service Vulnerability) also discovered using the BSS Stack Smasher. TITLE: Nokia Cell Phones Bluetooth Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18724 VERIFY ADVISORY: http://secunia.com/advisories/18724/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Nokia N70 http://secunia.com/product/8012/ DESCRIPTION: Pierre Betouin has reported a vulnerability in Nokia cell phones, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the Bluetooth stack within the handling of certain requests. This can be exploited to cause the device to stop responding or to display a "System error" message. Other Nokia cell phones with Bluetooth functionality may also be affected. SOLUTION: Disable Bluetooth. PROVIDED AND/OR DISCOVERED BY: Pierre Betouin ORIGINAL ADVISORY: http://www.secuobs.com/news/10022006-nokia_n70.shtml#english ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2006-0797 // CNVD: CNVD-2006-0965 // BID: 16666 // PACKETSTORM: 43772

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-0965

AFFECTED PRODUCTS

vendor:nokiamodel:n70scope:eqversion:*

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:nokiamodel:n70scope: - version: -

Trust: 0.6

vendor:nokiamodel:n70scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-0965 // BID: 16666 // CNNVD: CNNVD-200602-292 // NVD: CVE-2006-0797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0797
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-0965
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200602-292
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2006-0797
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-0965
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-0965 // CNNVD: CNNVD-200602-292 // NVD: CVE-2006-0797

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0797

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-292

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200602-292

EXTERNAL IDS

db:BIDid:16666

Trust: 2.5

db:NVDid:CVE-2006-0797

Trust: 2.2

db:SECUNIAid:18724

Trust: 1.7

db:VUPENid:ADV-2006-0538

Trust: 1.6

db:OSVDBid:23061

Trust: 1.6

db:CNVDid:CNVD-2006-0965

Trust: 0.6

db:XFid:24688

Trust: 0.6

db:XFid:2

Trust: 0.6

db:FULLDISCid:20060215 [ SECUOBS - ADVISORY ] ANOTHER KIND OF DOS ON NOKIA CELL PHONES

Trust: 0.6

db:CNNVDid:CNNVD-200602-292

Trust: 0.6

db:PACKETSTORMid:43772

Trust: 0.1

sources: CNVD: CNVD-2006-0965 // BID: 16666 // PACKETSTORM: 43772 // CNNVD: CNNVD-200602-292 // NVD: CVE-2006-0797

REFERENCES

url:http://www.securityfocus.com/bid/16666

Trust: 2.2

url:http://www.secuobs.com/news/15022006-nokia_n70.shtml#english

Trust: 1.9

url:http://www.osvdb.org/23061

Trust: 1.6

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0316.html

Trust: 1.6

url:http://secunia.com/advisories/18724

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24688

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/0538

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/24688

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0538

Trust: 0.6

url:www.nokia.com/nseries

Trust: 0.3

url:http://www.secuobs.com/replay_l2cap_packet_nokian70.c

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/18724/

Trust: 0.1

url:http://www.secuobs.com/news/10022006-nokia_n70.shtml#english

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/8012/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-0965 // BID: 16666 // PACKETSTORM: 43772 // CNNVD: CNNVD-200602-292 // NVD: CVE-2006-0797

CREDITS

Discovered by Pierre Betouin <pierre.betouin@infratech.fr> using Bluetooh Stack Smasher (BSS).

Trust: 0.9

sources: BID: 16666 // CNNVD: CNNVD-200602-292

SOURCES

db:CNVDid:CNVD-2006-0965
db:BIDid:16666
db:PACKETSTORMid:43772
db:CNNVDid:CNNVD-200602-292
db:NVDid:CVE-2006-0797

LAST UPDATE DATE

2024-11-23T19:32:45.144000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-0965date:2006-02-19T00:00:00
db:BIDid:16666date:2006-02-15T22:12:00
db:CNNVDid:CNNVD-200602-292date:2006-02-20T00:00:00
db:NVDid:CVE-2006-0797date:2024-11-21T00:07:21.770

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-0965date:2006-02-19T00:00:00
db:BIDid:16666date:2006-02-15T00:00:00
db:PACKETSTORMid:43772date:2006-02-13T19:29:16
db:CNNVDid:CNNVD-200602-292date:2006-02-19T00:00:00
db:NVDid:CVE-2006-0797date:2006-02-19T21:02:00