Sign-up

ID

VAR-200610-0239


CVE

CVE-2006-5405


TITLE

Used for multiple products Toshiba Bluetooth Service disruption in wireless device drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-003320

DESCRIPTION

Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets. Bluetooth Wireless Device Driver is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Toshiba Bluetooth Stack Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA22402 VERIFY ADVISORY: http://secunia.com/advisories/22402/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Toshiba Bluetooth Stack 4.x http://secunia.com/product/6807/ Toshiba Bluetooth Stack 3.x http://secunia.com/product/6806/ DESCRIPTION: A vulnerability has been reported in Toshiba Bluetooth Stack, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Successful exploitation requires knowledge of the Bluetooth device address. The vulnerability is reported in version 3.x and versions 4 through 4.00.35. Other versions may also be affected. NOTE: Products from other vendors using the Toshiba Bluetooth Stack may also be affected. The Toshiba Bluetooth Stack running on 64-bit platforms is reportedly not affected. SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: David Maynor, SecureWorks and Jon Ellch. ORIGINAL ADVISORY: http://www.secureworks.com/press/20061011-dell.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-5405 // JVNDB: JVNDB-2006-003320 // BID: 87177 // VULHUB: VHN-21513 // PACKETSTORM: 50988

AFFECTED PRODUCTS

vendor:toshibamodel:bluetooth wireless device driverscope:eqversion:4.x

Trust: 1.9

vendor:toshibamodel:bluetooth wireless device driverscope:eqversion:3.x

Trust: 1.9

vendor:toshibamodel:bluetooth wireless device driverscope:eqversion:3.x and 4 to 4.00.35

Trust: 0.8

sources: BID: 87177 // JVNDB: JVNDB-2006-003320 // CNNVD: CNNVD-200610-323 // NVD: CVE-2006-5405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5405
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-5405
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200610-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-21513
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-5405
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21513
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21513 // JVNDB: JVNDB-2006-003320 // CNNVD: CNNVD-200610-323 // NVD: CVE-2006-5405

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5405

THREAT TYPE

local

Trust: 0.9

sources: BID: 87177 // CNNVD: CNNVD-200610-323

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200610-323

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-003320

PATCH
title:Bluetoothurl:http://aps.toshiba-tro.de/bluetooth/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-003320

EXTERNAL IDS
db:NVDid:CVE-2006-5405
Trust: 2.8
db:SECTRACKid:1017075
Trust: 2.0
db:SREASONid:1744
Trust: 2.0
db:SECUNIAid:22402
Trust: 1.8
db:VUPENid:ADV-2006-4057
Trust: 1.7
db:JVNDBid:JVNDB-2006-003320
Trust: 0.8
db:XFid:29503
Trust: 0.6
db:VIMid:20061017 SECUREWORKS RESEARCH CLIENT ADVISORY: MULTIPLE VENDOR BLUETOOTH MEMORY STACK CORRUPTION VULNERABILITY
Trust: 0.6
db:BUGTRAQid:20061012 SECUREWORKS RESEARCH CLIENT ADVISORY: MULTIPLE VENDOR BLUETOOTH MEMORY STACK CORRUPTION VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-200610-323
Trust: 0.6
db:BIDid:87177
Trust: 0.4
db:VULHUBid:VHN-21513
Trust: 0.1
db:PACKETSTORMid:50988
Trust: 0.1
sources:
            
            
            VULHUB: VHN-21513 // 
            
            
            
            BID: 87177 // 
            
            
            
            JVNDB: JVNDB-2006-003320 // 
            
            
            
            PACKETSTORM: 50988 // 
            
            
            
            CNNVD: CNNVD-200610-323 // 
            
            
            
            NVD: CVE-2006-5405

REFERENCES
url:http://www.secureworks.com/press/20061011-dell.html
Trust: 2.1
url:http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html
Trust: 2.0
url:http://securitytracker.com/id?1017075
Trust: 2.0
url:http://securityreason.com/securityalert/1744
Trust: 2.0
url:http://attrition.org/pipermail/vim/2006-october/001085.html
Trust: 2.0
url:http://secunia.com/advisories/22402
Trust: 1.7
url:http://www.securityfocus.com/archive/1/448422/100/100/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/4057
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29503
Trust: 1.1
url:http://www.securityfocus.com/archive/1/archive/1/448422/100/100/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5405
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5405
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2006/4057
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/29503
Trust: 0.6
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/6807/
Trust: 0.1
url:http://secunia.com/product/6806/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/advisories/22402/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-21513 // 
            
            
            
            BID: 87177 // 
            
            
            
            JVNDB: JVNDB-2006-003320 // 
            
            
            
            PACKETSTORM: 50988 // 
            
            
            
            CNNVD: CNNVD-200610-323 // 
            
            
            
            NVD: CVE-2006-5405

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 87177

SOURCES
db:VULHUBid:VHN-21513
db:BIDid:87177
db:JVNDBid:JVNDB-2006-003320
db:PACKETSTORMid:50988
db:CNNVDid:CNNVD-200610-323
db:NVDid:CVE-2006-5405

LAST UPDATE DATE
2024-08-14T15:25:37.044000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-21513date:2018-10-17T00:00:00
db:BIDid:87177date:2006-10-18T00:00:00
db:JVNDBid:JVNDB-2006-003320date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200610-323date:2006-10-19T00:00:00
db:NVDid:CVE-2006-5405date:2018-10-17T21:42:46.330

SOURCES RELEASE DATE
db:VULHUBid:VHN-21513date:2006-10-19T00:00:00
db:BIDid:87177date:2006-10-18T00:00:00
db:JVNDBid:JVNDB-2006-003320date:2012-12-20T00:00:00
db:PACKETSTORMid:50988date:2006-10-17T17:58:16
db:CNNVDid:CNNVD-200610-323date:2006-10-18T00:00:00
db:NVDid:CVE-2006-5405date:2006-10-19T01:07:00