funsec mailing list archives
Microsoft Bluetooth stack OBEX directory traversal reported
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 30 Jan 2009 12:23:10 +0200 (EET)
More at http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html
From the description of Alberto Moreno Tablado:
"There exists a Directory Traversal vulnerability in the OBEX FTP Service in Microsoft Bluetooth Stack implemented in Windows Mobile 5.0 & 6 devices. A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP to traverse to parent directories out of the default Bluetooth shared folder." This is BID33359. via http://www.f-secure.com/weblog/archives/00001592.html Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft Bluetooth stack OBEX directory traversal reported Juha-Matti Laurio (Jan 30)