Secunia Security Advisory - Kevin Finisterre has reported a vulnerability in Motorola PEBL U6 and Motorola V600, which can be exploited by malicious people to trick users into accepting certain security dialogs.
7bab0254745c63e3a0d63bd0e5e7353b9cd28c745d3a3e5f1c646eb374cf11bf
TITLE:
Motorola Cellular Phones Security Dialog Spoofing Vulnerability
SECUNIA ADVISORY ID:
SA19319
VERIFY ADVISORY:
http://secunia.com/advisories/19319/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information
WHERE:
>From remote
OPERATING SYSTEM:
Motorola V600
http://secunia.com/product/8840/
Motorola PEBL U6
http://secunia.com/product/8841/
DESCRIPTION:
Kevin Finisterre has reported a vulnerability in Motorola PEBL U6 and
Motorola V600, which can be exploited by malicious people to trick
users into accepting certain security dialogs.
The vulnerability is caused due to an input validation error where
the remote Bluetooth device name isn't properly sanitised before
being used in a security dialog. This can be exploited to trick users
into accepting an incoming wireless Bluetooth connection to the
"Headset Audio Gateway" on channel 3 by including newline characters
in the device name.
Successful exploitation allows access to personal information stored
in the cellular phone (e.g. phone book entries and SMS messages).
It has also been reported that it is possible to crash the handset by
sending an overly long OBEX "setpath()" via the OBEX File Transfer
service if the attacker's device has been paired. This may reportedly
be exploited to execute arbitrary code, but has not been proven.
SOLUTION:
The vulnerability has reportedly been fixed by the vendor.
PROVIDED AND/OR DISCOVERED BY:
Kevin Finisterre
ORIGINAL ADVISORY:
http://www.digitalmunition.com/DMA[2006-0321a].txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------