what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ToshibaBluetooth.txt

ToshibaBluetooth.txt
Posted Oct 17, 2006
Authored by SecureWorks | Site secureworks.com

A flaw exists in the Toshiba Bluetooth wireless device driver, used by multiple vendors, that allows a remote attacker within wireless range of a Bluetooth device to perform a denial-of-service (DoS) attack or execute arbitrary code at the highest privilege level.

tags | advisory, remote, arbitrary
SHA-256 | 8ea1d426af8d54ecb7d4f1fe38e94302151ac32daaf98c5085d8e362d4b23e32

ToshibaBluetooth.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SecureWorks Research Client Advisory
Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability

October 11th, 2006

Summary:

A flaw exists in the Toshiba Bluetooth wireless device driver, used by
multiple vendors, that allows a remote attacker within wireless range of
a Bluetooth device to perform a denial-of-service (DoS) attack or
execute arbitrary code at the highest privilege level.

Scope:

Toshiba Bluetooth host stack implementations version 3.x
Toshiba Bluetooth host stack implementations version 4 through 4.00.35,
including all shipping OEM versions are vulnerable.
Toshiba Bluetooth stacks running on 64-bit platforms are not vulnerable.
Toshiba is the OEM for multiple vendor Bluetooth stacks including, but
not limited to:
- Dell Computers
- Sony Vaio
- ASUS Computers
- and possibly other brands.

Description:

Bluetooth is a standards-based wireless technology used for short-range
data communications between electronic devices. The vulnerable
Bluetooth wireless device drivers are subject to potential attacks
through specially crafted Bluetooth packets. An attacker can
potentially take advantage of these conditions to cause a memory
corruption, a system crash, and/or the execution of arbitrary code at
the highest privilege level. An attacker would need to be within
approximately 10 meters of the victim. Additionally, an attacker would
need the Bluetooth address of the victim's device. Bluetooth addresses
are easily enumerated through active scanning if the device allows
discovery.

Detection:

Users of Toshiba's Bluetooth stack are encouraged to check the current
Bluetooth stack version by selecting:
Version 3.x - "Device Properties...", then "General"
Version 4.x - "Options", then "General", then "Details"

Toshiba has advised that security patches are normally offered for all
Bluetooth stacks. Please consult the download details document for
further information.

Users of Dell Bluetooth products are encouraged to verify the presence
and version of their Bluetooth stack by double-clicking on the
Bluetooth icon in the system tray to open the Bluetooth client utility
and selecting "Help", then "About".

Recommendations:

Toshiba has recommended that affected users visit their Bluetooth
vendor's website for an updated Bluetooth stack. If a patch is
unavailable, please visit the Toshiba Bluetooth website, which offers
security updates for all Bluetooth stacks including OEM versions, as
well as a Bluetooth Stack Security Pack at:
http://aps.toshiba-tro.de/bluetooth/redirect.php?page=pages/download.php

Users of Dell Latitude D820/D620/D420/D520 are asked to verify the
version of their Bluetooth stack using the method described above. If
your version is not 4.00.22(D) SP2 or newer, then it is recommended that
users upgrade to the latest driver versions located at
http://www.support.dell.com/.

Users of Dell Latitude D810/D610/D410/D510/X1 are asked to verify the
version of their Bluetooth stack using the method described above. If
your version is not 4.00.20(D) SP2 or newer, then it is recommended
that users upgrade to the latest driver versions to be made available
by November 4th, 2006 at http://www.support.dell.com/.

Bluetooth device users should be set to non-discoverable mode during
normal operations to reduce risk from this and other potential future
Bluetooth attacks.

References:
SecureWorks Research Client Advisory
Multiple Vendor Bluetooth Stack Memory Corruption Vulnerability
http://www.secureworks.com/press/20061011-dell.html

Toshiba: Bluetooth Download Page

http://aps.toshiba-tro.de/bluetooth/redirect.php?page=pages/download.php

Dell Support
http://www.support.dell.com/

Buffer Overrun in Toshiba Bluetooth Stack for Windows
http://trifinite.org/trifinite_advisory_toshiba.html

CVSS Scoring:

Access Vector: Remote
Access Complexity: High
Authentication: Not Required
Confidentiality: Complete
Integrity: Complete
Availability: Complete
Impact Bias: Normal
Score: 8.0

Credits:

This vulnerability was discovered and researched by David Maynor of
SecureWorks, Inc. and Jon Ellch. SecureWorks would like to thank
Christopher M. Davis and the entire Dell security response team as well
as Armin Scheruebl of Toshiba Europe GmbH and the Toshiba Bluetooth
Support team for their response and coordination.

About Secureworks

Please direct all security research related inquiries to:
Allen Wilson
(404) 417-3717
research@secureworks.com

All media inquiries should be directed to:
Elizabeth Clarke
(404) 486-4492
eclarke@secureworks.com

(c) Copyright 2006 SecureWorks, Inc.

This advisory may not be edited or modified in any way without the
express written consent of SecureWorks, Inc. If you wish to reprint
this advisory or any portion or element thereof, please contact
research@secureworks.com to seek permission. Permission is hereby
granted to link to this advisory via the SecureWorks web-site at
http://www.secureworks.com/press/20061011-dell.html or use in
accordance with the fair use doctrine of U.S. copyright laws.

Disclaimer: The information within this advisory may change without
notice. The most recent version of this advisory may be found on the
SecureWorks web site at www.secureworks.com for a limited period of
time. Use of this information constitutes acceptance for use in an
AS IS condition. There are NO warranties, implied or otherwise, with
regard to this information or its use. ANY USE OF THIS INFORMATION IS
AT THE USER'S RISK. In no event shall SecureWorks be liable for any
damages whatsoever arising out of or in connection with the use or
spread of this information.

SecureWorks PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as
http://www.secureworks.com/researchcenter/publickey.html

Revision History:
1.0; October 11th, 2006 - Initial advisory release

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.0 (Build 1202)

wsBVAwUBRS1VJw81H4LOxRiGAQhlawf9GZJ3LPFVIDRtqDbKndBYRC2eCqIBJNr3
mfGXQPjQ6vu1KzaosBmZMhz+ws6UvZ3+xVsRESMVDWqtuKicqhQy/rPIy4QAt9qc
Geg9rIYQH1/hbdMbcDiSVKLUS2IRRMRMIo4GvjqN9U7jOg/N9luKOhJnVsAOKZAE
6E4dRwqLYCshHH6JyuaL5nGfYEFh9DOc2Q3jh/AQhXa8Ld3dd3OXBV/94HKCEmqT
gYId4Tdgm7ti6vnlSDT6Pa33fwi3vM0CIrdW0u0FgFwkB2pO3gzLOlEWcls1lQku
/B7X5aISfhgPJWkZoztiIg7dRom2gOUCDrg6qRkntGuCRTqSDXepBQ==
=TbdP
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close