PT-2006-3330 · Openobex · Libopenobex

Jeroen Van Wolffelaar

Published

2006-05-15

Updated

2017-07-20

CVE-2006-2366

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions libopenobex version 1.2

Description The issue allows user-assisted remote attackers to overwrite files via an arbitrary destination file name in an OBEX File Transfer session, when ircp is run with the -r option. This occurs because ircp io.c in libopenobex does not prompt the user when overwriting files.

Recommendations For libopenobex version 1.2, consider adding a prompt to warn the user when overwriting files, especially when ircp is run with the -r option, to prevent unintended file overwrites.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2366

Affected Products

Libopenobex

PT-2006-3330 · Openobex · Libopenobex

CVE-2006-2366

Related Identifiers

Affected Products

References · 8