Small write up entitled "Hijacking Bluetooth Headsets for Fun and Profit".
77323c05bbb2580095063a300d007938e1bc5d61ac068734b800ab7a87e42cafThe Nokia Affix Bluetooth btsrv makes poor use of a popen() that in turn allows for privileged code execution as root.
cc94edfe1b5429594863603c23d573003e4beca70953ed64e8954d0aeb65b705dsidentity on Apple OS X 10.4 allows any user on the system to add accounts to Directory Services.
9a589fe2fcf5a4e2c8797a0b1bd8fe9ec95ad4366d0ccffadf8656195041becdDocument that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the bluez vulnerability was quite trivial.
ba3ca0b2cbb2323bf730283ba3e93983b93c16bf657c4a78442e1241f594c2e5Paper entitled "Theft of Bluetooth Link Keys for Fun and Profit?"
bab28a93e6d06017dbea2c25b0edf71991910355debb06e00d302cbb1a006e04Apple OSX suffers from multiple bluetooth vulnerabilities.
1f2d239e36a2a11e6998d72399a7c9b0cdc8dcabb42c9fdd577e9c7bfc8b8182Nokia Affix Bluetooth btsrv/btobex makes poor use of system() allowing for remote command execution as root.
43a7a7e9ccef6513cee8d509624d337031032bd9abeef5a58831ab2c8a4e6ce6Nokia Affix btftp remote client exploit that affect versions below 3.2.0.
4777fa13b8ddade7061084db8c5d1d768933891c69aa232e4eab34ab153cc7a3The Global Hauri ViRobot 2.0 server suffers from a cookie related overflow.
aae4fbf083312fd8cc842727b9168f931208ac628c9d8dfcd7103910ac1d0dddViRobot UNIX/Linux Server web user interface remote root exploit which takes advantage of the setuid addschup cgi. Adds a root user to the system.
38923116589cf99dabcb2c13b224ec765e5f73330ad56759aa1b2a940d2964e6Update on dot dot attacks against Bluetooth devices. Obex FTP and Widcomm software is affected, and some preauthentication vulnerabilities exist. Includes an example of an attack against an HP Ipaq 2215.
bf9c1a840f9fb853562f36de5d4a9f7deaaaf16005d5059078eadcf9328a86edARPUS ce local overflow exploit that achieves root privileges. Written in perl.
260e630fb48e1db956cd243683bf12924c230fb545f13b695a53ae42f7d218f3ARPUS ce local file overwrite exploit that makes use of a faulty exported DISPLAY.
6c556d52af331b5689f3b522fc4e9ad0d6b2c1e740bbad48889ecfa99588bdeeESRI 9.x Arcgis local root format string exploit. Tested on Solaris 10.
d9b38e1d91584eb0bedbb171e5ed5696dc350abfafe5d6ce083db8b3fa2165fdNokia Affix Bluetooth Integer Underflow. Affix is a Bluetooth Protocol Stack for Linux that was developed by the Nokia Research Center, and implements Bluetooth protocols. This may lead to a local root compromise.
0b3e9bf80b6a9d1c3d8e5193b6e58cdca58f84d5a3afe253d5f89b22b04f820dWIDCOMM Bluetooth Connectivity Software is vulnerable to a directory traversal exploit.
26922982be2e110326b1f4ab84e34eb26baddab981f457133c2df971e2f2f145IVT BlueSoleil is susceptible to a directory traversal attack.
1e1d9af91bbd709b568392437d8a9b78522723c305f5bb8e88a5815032459e35LuxMan 0.41-19.1 local root exploit that makes use of a buffer overflow.
7b01e49311df22b1e782ddfdbb2ef21a26bd6b3b31f09ee7f544b869544f4e19LuxMan 0.41-19.1 is susceptible to local root compromise via a buffer overflow.
4ac2d3648cc96facc8f7e2051679d05fbc68b8bf148e46c72e5beaa33cdf2030Local root exploit for the PerlIO package that makes use of a buffer overflow in PERLIO_DEBUG.
9d0552984b75d1eee91c3d55047ad2d3a217517c70c32a822a80f3f6ad4a4f98The PerlIO package for Perl 5.8.0 suffers from a flaw where PERLIO_DEBUG is susceptible to a buffer overflow that allows for local root compromise when using setuid perl.
5e2549b861e8546d6c9a0b6ec2aca70aad65786d7da42bf5b87389a324a0c5d0Local root exploit for the PerlIO package that makes use of a flaw where manipulation of the filename set in PERLIO_DEBUG allows for local root compromise when using setuid perl.
37c8e812ac9515d45c3ee54cc72ae33c4155953042f46623108ce7b9ced75a3cThe PerlIO package for Perl 5.8.0 suffers from a flaw where manipulation of the filename set in PERLIO_DEBUG allows for local root compromise when using setuid perl.
fc3d56a58c6c7d2ae08bf3106a893f605a2d8ba788499383f222dd779ac04d0fApple's OS X batch family of commands make poor use of setuid capabilities allowing for privilege escalation.
4b7f8222d4d52c294fcfe9d3930da745c276ff2c756307556f0b7f809f135083Remote format string exploit for Berlios gpsd, a remake of pygps. On Debian, it achieves uid of gpsd. On Redhat, it achieves root.
9cf987a3eb342c6394cc4295306f491839c95483078d7f507c259c3482d304c3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed