Geekzone: technology news, blogs, forums
Buffer overflow exploit on Widcomm software causes security warning
Posted on 13-Aug-2004 07:24 | Filed under: News



Widcomm's products provide a range of Bluetooth connectivity solutions for PCs, PDAs, mobile phones, headsets, digital cameras, access points, and various output devices. British security testing service Pentest says Widcomm supplies its Bluetooth communications software to other companies so that they can integrate Bluetooth technology into their devices. It also supplies Bluetooth SDKs that let developers create applications that use Bluetooth. It may therefore not be immediately apparent that you are using the Widcomm Bluetooth software, and version numbers may vary.

An unauthenticated remote attacker can submit various malformed service requests via Bluetooth, triggering a buffer overflow and executing arbitrary code on the vulnerable device.

On Windows platforms this allows arbitrary code execution in the context of the currently logged-on user account. Pentest have tested for the reported vulnerability against BTStackServer versions 1.3.2.7 and 1.4.2.10 on both Windows XP and Windows 98 which ships with MSI Bluetooth Dongles. They have also tested this against a Pocket PC HP iPaq 5450 running WinCE 3.0 with Bluetooth software version 1.4.1.03.

Whilst the above platforms are the only ones tested and confirmed to be exploitable by Pentest, the company says its discussions with Widcomm lead it to believe that all versions prior to BTW & BT-CE/PPC 3.0 are affected by this vulnerability. Widcomm has not confirmed whether BT-PPC/Phone Edition, BT-Smartphone, BTE-Mobile or BTE are vulnerable.

Pentest recommends that users set their devices to non-discoverable mode. This will not eliminate the vulnerability, but it will limit exposure.


More information: http://www.pentest.co.uk/documents/ptl-2004-0...






