CVE-2006-1367
Gravedad CVSS v2.0:
MEDIA
Tipo:
CWE-200
Revelación de información
Fecha de publicación:
23/03/2006
Última modificación:
07/11/2023
Descripción
*** Pendiente de traducción *** The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.
Impacto
Puntuación base 2.0
6.80
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
CPE | Desde | Hasta |
---|---|---|
cpe:2.3:h:motorola:pebl_u6:u6_08.83.76r:*:*:*:*:*:*:* | ||
cpe:2.3:h:motorola:v600:*:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044287.html
- http://secunia.com/advisories/19319
- http://www.digitalmunition.com/DMA%5B2006-0321a%5D.txt
- http://www.securityfocus.com/archive/1/428431/100/0/threaded
- http://www.securityfocus.com/bid/17190
- http://www.vupen.com/english/advisories/2006/1045
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25402