QwikSec

Security Database

CVE

CWE

Training

CVE-2006-1367

Published: Mar 23, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060321 DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'

mailing-list

x_refsource_BUGTRAQ

motorola-peblu6-v600-name-spoofing(25402)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://www.digitalmunition.com/DMA%5B2006-0321a%5D.txt

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

20060321 DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.