BlueSoleil Object Push directory traversal
| bluesoleil-object-push-directory-traversal (19930) |  Medium Risk |
Description:
BlueSoleil is an application running on Microsoft Windows that enables the Bluetooth function. BlueSoleil version 1.4 and possibly other versions could allow a remote attacker to traverse directories on the Web server caused by improper validation of user-supplied input in the Object Push service. If a remote attacker has access to the Object Push service, the attacker could use directory traversal sequences to bypass security restrictions and upload files to the victim's system.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BlueSoleil Web site: BlueSoleil - Bluetooth Wireless Software for Windows!.
- Digital Munition DMA[2005-0401a]: IVT BlueSoleil Directory Transversal.
- BID-12961: BlueSoleil Object Push Service Bluetooth File Upload Directory Traversal Vulnerability
- CVE-2005-0978: Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.
- SA14790: BlueSoleil Object Push Service Directory Traversal Vulnerability
Platforms Affected:
- BlueSoleil BlueSoleil 1.4
Reported:
Apr 01, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net