CVE-2006-2366

Name of the Vulnerable Software and Affected Versions libopenobex version 1.2

Description The issue allows user-assisted remote attackers to overwrite files via an arbitrary destination file name in an OBEX File Transfer session, when ircp is run with the -r option. This occurs because ircp io.c in libopenobex does not prompt the user when overwriting files.

Recommendations For libopenobex version 1.2, consider adding a prompt to warn the user when overwriting files, especially when ircp is run with the -r option, to prevent unintended file overwrites.