CVE-2006-3146

Description

The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.

Related CPE's

Could not find any relations

References

18527

Exploit

http://trifinite.org/trifinite_advisory_toshiba.html

Vendor Advisory

20657

PatchVendor Advisory

1016345

26686

http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2

20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability

http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html

http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html

ADV-2006-2455

Vendor Advisory

toshiba-bluetooth-dos(27228)

20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

5

Created by Yello
About Severity.io