CVE-2006-0212
First published: Sat Jan 14 2006(Updated: )
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Toshiba Bluetooth Wireless Device Driver | =3.00.11 | |
| Toshiba Bluetooth Wireless Device Driver | <=4.00.23t | |
| Toshiba Bluetooth Wireless Device Driver | =3.20.00 | |
| Toshiba Bluetooth Wireless Device Driver | =3.00.12 | |
| Toshiba Bluetooth Wireless Device Driver | =4.00.01t | |
| Toshiba Bluetooth Wireless Device Driver | =3.20.04 | |
| Toshiba Bluetooth Wireless Device Driver | =3.20.01 | |
| Toshiba Bluetooth Wireless Device Driver | =3.00.31a | |
| Toshiba Bluetooth Wireless Device Driver | =3.01.03 | |
| Toshiba Bluetooth Wireless Device Driver | =3.00.32 | |
| Toshiba Bluetooth Wireless Device Driver | =4.00.11 | |
| Toshiba Bluetooth Wireless Device Driver | =3.20.02 | |
| Toshiba Bluetooth Wireless Device Driver | =3.10.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
- http://secunia.com/advisories/18437
- http://www.securityfocus.com/bid/16236
- http://www.osvdb.org/22380
- http://securitytracker.com/id?1015486
- http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
- http://www.vupen.com/english/advisories/2006/0184
- http://marc.info/?l=full-disclosure&m=113712413907526&w=2
- http://www.securityfocus.com/archive/1/421993/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0212?
CVE-2006-0212 is classified as a high-severity vulnerability due to its potential to allow remote file uploads.
How do I fix CVE-2006-0212?
To fix CVE-2006-0212, update the Toshiba Bluetooth Stack to a version later than 4.00.23(T).
What systems are affected by CVE-2006-0212?
CVE-2006-0212 affects Toshiba Bluetooth Stack versions up to and including 4.00.23(T) as well as several earlier versions.
Can CVE-2006-0212 be exploited remotely?
Yes, CVE-2006-0212 can be exploited remotely through directory traversal techniques with OBEX Push services.
What are the consequences of CVE-2006-0212?
Exploitation of CVE-2006-0212 allows attackers to upload arbitrary files to specified remote locations, potentially leading to system compromise.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/toshiba
- canonical/toshiba bluetooth wireless device driver
- version/toshiba bluetooth wireless device driver/3.00.11
- version/toshiba bluetooth wireless device driver/4.00.23t
- version/toshiba bluetooth wireless device driver/3.20.00
- version/toshiba bluetooth wireless device driver/3.00.12
- version/toshiba bluetooth wireless device driver/4.00.01t
- version/toshiba bluetooth wireless device driver/3.20.04
- version/toshiba bluetooth wireless device driver/3.20.01
- version/toshiba bluetooth wireless device driver/3.00.31a
- version/toshiba bluetooth wireless device driver/3.01.03
- version/toshiba bluetooth wireless device driver/3.00.32
- version/toshiba bluetooth wireless device driver/4.00.11
- version/toshiba bluetooth wireless device driver/3.20.02
- version/toshiba bluetooth wireless device driver/3.10.00