CVE-2006-0212 Information

Description

Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.

Reference

http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2 http://marc.info/?l=full-disclosure&m=113712413907526&w=2 http://secunia.com/advisories/18437 http://securitytracker.com/id?1015486 http://www.digitalmunition.com/DMA5B2006-0112a5D.txt http://www.osvdb.org/22380 http://www.securityfocus.com/archive/1/421993/100/0/threaded http://www.securityfocus.com/bid/16236 http://www.vupen.com/english/advisories/2006/0184