Sony Ericsson Phones Bluetooth L2CAP Denial of Service Vulnerability

Your browser does not support inline frames or is currently configured not to display inline frames.

Home > Mobile Security

Feb 6 2006

Advisory ID : FrSIRT/ADV-2006-0478
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-08

Technical Description

A vulnerability has been identified in various Sony Ericsson cell phones, which could be exploited by remote attackers to cause a denial of service. This flaw is due to an error in the Bluetooth service that fails to properly handle malformed L2CAP (Logical Link Control and Adaptation Layer Protocol) packets containing specially crafted headers, which could be exploited by remote attackers to cause a denial of service.

Affected Products

Sony Ericsson K600i
Sony Ericsson V600i
Sony Ericsson W800i
Sony Ericsson T68i

Solution

Disable the Bluetooth service.

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2006/0478
http://www.secuobs.com/news/05022006-bluetooth6.shtml
http://www.secuobs.com/news/05022006-bluetooth7.shtml

Your browser does not support inline frames or is currently configured not to display inline frames.

Your browser does not support inline frames or is currently configured not to display inline frames.

Your browser does not support inline frames or is currently configured not to display inline frames.
Your browser does not support inline frames or is currently configured not to display inline frames.

FREE NEWSLETTER