Ben
11th February 2006, 01:26 AM
http://www.frsirt.com/english/advisories/2006/0478
Advisory ID : FrSIRT/ADV-2006-0478
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-08
Technical Description
A vulnerability has been identified in various Sony Ericsson cell phones, which could be exploited by remote attackers to cause a denial of service. This flaw is due to an error in the Bluetooth service that fails to properly handle malformed L2CAP (Logical Link Control and Adaptation Layer Protocol) packets containing specially crafted headers, which could be exploited by remote attackers to cause a denial of service.
Affected Products
Sony Ericsson K600i
Sony Ericsson V600i
Sony Ericsson W800i
Sony Ericsson T68i
Solution
Disable the Bluetooth service.
The FrSIRT is not aware of any official supplied patch for this issue.
I'm not sure whether this affects the k600i & k608i as well... but be wary. I'm sure most of you appreciate that Bluetooth really should be turned off when not in use, or at least put into invisible mode.
Advisory ID : FrSIRT/ADV-2006-0478
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-08
Technical Description
A vulnerability has been identified in various Sony Ericsson cell phones, which could be exploited by remote attackers to cause a denial of service. This flaw is due to an error in the Bluetooth service that fails to properly handle malformed L2CAP (Logical Link Control and Adaptation Layer Protocol) packets containing specially crafted headers, which could be exploited by remote attackers to cause a denial of service.
Affected Products
Sony Ericsson K600i
Sony Ericsson V600i
Sony Ericsson W800i
Sony Ericsson T68i
Solution
Disable the Bluetooth service.
The FrSIRT is not aware of any official supplied patch for this issue.
I'm not sure whether this affects the k600i & k608i as well... but be wary. I'm sure most of you appreciate that Bluetooth really should be turned off when not in use, or at least put into invisible mode.