Vulnerability Details : CVE-2006-0670
Potential exploit
Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2006-0670
- cpe:2.3:a:bluez_project:hcidump:1.29:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0670
- 12.01%: Probability of exploitation activity in the next 30 days
- ~ 95 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0670
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2006-0670
- Red Hat, 2006-09-19: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187945 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
References for CVE-2006-0670
- http://securityreason.com/securityalert/465
- http://www.vupen.com/english/advisories/2006/0479
- http://marc.info/?l=full-disclosure&m=113924625825488&w=2
- http://www.ubuntu.com/usn/usn-256-1
- http://www.secuobs.com/news/05022006-bluetooth9.shtml#english (Exploit)
- http://www.securityfocus.com/archive/1/424133/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24533
- http://www.debian.org/security/2006/dsa-990
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:041