CVE-2006-3146: Buffer Overflow
First published: Thu Jun 22 2006(Updated: )
The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Toshiba Bluetooth Stack | <=4.00.29 | |
| Toshiba Bluetooth Stack | =3.00.11 | |
| Toshiba Bluetooth Stack | =3.00.12 | |
| Toshiba Bluetooth Stack | =3.00.31a | |
| Toshiba Bluetooth Stack | =3.00.32 | |
| Toshiba Bluetooth Stack | =3.01.03 | |
| Toshiba Bluetooth Stack | =3.10.00 | |
| Toshiba Bluetooth Stack | =3.20.00 | |
| Toshiba Bluetooth Stack | =3.20.01 | |
| Toshiba Bluetooth Stack | =3.20.02 | |
| Toshiba Bluetooth Stack | =3.20.04 | |
| Toshiba Bluetooth Stack | =4.00.01t | |
| Toshiba Bluetooth Stack | =4.00.11 | |
| Toshiba Bluetooth Stack | =4.00.23 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/18527
- http://trifinite.org/trifinite_advisory_toshiba.html
- http://secunia.com/advisories/20657
- http://securitytracker.com/id?1016345
- http://www.osvdb.org/26686
- http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
- http://attrition.org/pipermail/vim/2006-October/001085.html
- http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html
- http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html
- http://www.vupen.com/english/advisories/2006/2455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27228
- http://www.securityfocus.com/archive/1/437811/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/weakness
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/toshiba
- canonical/toshiba bluetooth stack
- version/toshiba bluetooth stack/4.00.29
- version/toshiba bluetooth stack/3.00.11
- version/toshiba bluetooth stack/3.00.12
- version/toshiba bluetooth stack/3.00.31a
- version/toshiba bluetooth stack/3.00.32
- version/toshiba bluetooth stack/3.01.03
- version/toshiba bluetooth stack/3.10.00
- version/toshiba bluetooth stack/3.20.00
- version/toshiba bluetooth stack/3.20.01
- version/toshiba bluetooth stack/3.20.02
- version/toshiba bluetooth stack/3.20.04
- version/toshiba bluetooth stack/4.00.01t
- version/toshiba bluetooth stack/4.00.11
- version/toshiba bluetooth stack/4.00.23
- vendor/microsoft
- canonical/microsoft windows