Small write-up entitled "Hijacking Bluetooth Headsets for Fun and Profit".
The Nokia Affix Bluetooth btsrv makes poor use of a popen() that in turn allows for privileged code execution as root.
dsidentity on Apple OS X 10.4 allows any user on the system to add accounts to Directory Services.
Document that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the BlueZ vulnerability was quite trivial.
Paper entitled "Theft of Bluetooth Link Keys for Fun and Profit?"
Apple OS X suffers from multiple Bluetooth vulnerabilities.
Nokia Affix Bluetooth btsrv/btobex makes poor use of system() allowing for remote command execution as root.
Nokia Affix btftp remote client exploit that affects versions below 3.2.0.
The Global Hauri ViRobot 2.0 server suffers from a cookie-related overflow.
ViRobot UNIX/Linux Server web user interface remote root exploit which takes advantage of the setuid addschup cgi. Adds a root user to the system.
Update on dot-dot attacks against Bluetooth devices. OBEX FTP and Widcomm software are affected, and some preauthentication vulnerabilities exist. Includes an example of an attack against an HP iPAQ 2215.
ARPUS ce local overflow exploit that achieves root privileges. Written in Perl.
ARPUS ce local file overwrite exploit that makes use of a faulty exported DISPLAY.
ESRI 9.x ArcGIS local root format string exploit. Tested on Solaris 10.
Nokia Affix Bluetooth Integer Underflow. Affix is a Bluetooth Protocol Stack for Linux that was developed by the Nokia Research Center, and implements Bluetooth protocols. This may lead to a local root compromise.
WIDCOMM Bluetooth Connectivity Software is vulnerable to a directory traversal exploit.
IVT BlueSoleil is susceptible to a directory traversal attack.
LuxMan 0.41-19.1 local root exploit that makes use of a buffer overflow.
LuxMan 0.41-19.1 is susceptible to local root compromise via a buffer overflow.
Local root exploit for the PerlIO package that makes use of a buffer overflow in PERLIO_DEBUG.
The PerlIO package for Perl 5.8.0 suffers from a flaw where PERLIO_DEBUG is susceptible to a buffer overflow that allows for local root compromise when using setuid perl.
Local root exploit for the PerlIO package that makes use of a flaw where manipulation of the filename set in PERLIO_DEBUG allows for local root compromise when using setuid perl.
The PerlIO package for Perl 5.8.0 suffers from a flaw where manipulation of the filename set in PERLIO_DEBUG allows for local root compromise when using setuid perl.
Apple's OS X batch family of commands makes poor use of setuid capabilities, allowing for privilege escalation.
Remote format string exploit for Berlios gpsd, a remake of pygps. On Debian, it achieves the uid of gpsd. On Red Hat, it achieves root.