funsec mailing list archives

Microsoft Bluetooth stack OBEX directory traversal reported


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 30 Jan 2009 12:23:10 +0200 (EET)

More at
http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html

From the description of Alberto Moreno Tablado:
"There exists a Directory Traversal vulnerability in the OBEX FTP Service in Microsoft Bluetooth Stack implemented in 
Windows Mobile 5.0 & 6 devices.
A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP to traverse 
to parent directories out of the default Bluetooth shared folder."

This is BID33359.

via
http://www.f-secure.com/weblog/archives/00001592.html

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

