| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 12 Jun 2005 09:33:22 -0000 From: hugo@...ohacking.com To: bugtraq@...urityfocus.com Subject: Bluetooth SIG Denial of Service vulnerability The next D.o.S. can be reproduced "at home", with a simple laptop. A bluettoth enabled PDA can reach same results. 1) D.o.S. to the bluetooth device Many bluetooth device communications can be totally inhibited simply by sending a ping-flood to the device from a linux laptop with bluetooth connectivity. To reproduce: # l2ping -f <bluetooth_address> At the time of this writing, tested devices are: - -Nokia 7650 (Symbian 6.0) - -Nokia 6600 (Symbian 7.0) - -Siemens V55 - -Motorola S55 - -Conceptronic (CBTU) Bluetooth dongle on Windows 2003 (vulnerable is windows BT stack implemetation...) - -Others... 1) ALL the devices tested are affected by DoS. (connection flood) 2) "Hide-mode protection" behaviour is different in any device/customer. Some devices can not be connected while in "hide-mode" while on others you can do it. - - Most affected customer seems to be NOKIA witch is vulnerable to denial od seervice, even in hidden mode... Nokia seems to agree with me in the fact that DoS exists (they have reproduced it), but they claim that they are following Bluetooth specifications, so maybe this is a Bluetooth design error... Quoting a Nokia guy from security-alert__at__nokia.com: "This DoS seems to be a specification issue which should be handled by Bluetooth SIG." For the complete time-line of ontacts with Nokia and Bluetooth people, check this URL: http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/bt/index.html Hugo Vázquez Caramés Infohacking Barcelona Spain
Powered by blists - more mailing lists