CVE-2005-2250

Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://affix.sourceforge.net/affix_212_sec.patch	Patch
http://www.debian.org/security/2005/dsa-762
http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt	Vendor Advisory
http://www.securityfocus.com/bid/14230	Patch
http://affix.sourceforge.net/affix_212_sec.patch	Patch
http://www.debian.org/security/2005/dsa-762
http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt	Vendor Advisory
http://www.securityfocus.com/bid/14230	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nokia:affix:2.0:::::::*
	cpe:2.3:a:nokia:affix:2.0.1:::::::*
	cpe:2.3:a:nokia:affix:2.0.2:::::::*
	cpe:2.3:a:nokia:affix:2.1:::::::*
	cpe:2.3:a:nokia:affix:2.1.1:::::::*
	cpe:2.3:a:nokia:affix:2.1.2:::::::*
	cpe:2.3:a:nokia:affix:2.3.0:::::::*
	cpe:2.3:a:nokia:affix:3.0:::::::*
	cpe:2.3:a:nokia:affix:3.1:::::::*
	cpe:2.3:a:nokia:affix:3.2.0:::::::*

History

20 Nov 2024, 23:59

Type	Values Removed	Values Added
References	~~() http://affix.sourceforge.net/affix_212_sec.patch - Patch~~	() http://affix.sourceforge.net/affix_212_sec.patch - Patch
References	~~() http://www.debian.org/security/2005/dsa-762 -~~	() http://www.debian.org/security/2005/dsa-762 -
References	~~() http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt - Vendor Advisory~~	() http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/14230 - Patch~~	() http://www.securityfocus.com/bid/14230 - Patch

Information

Published : 2005-07-13 04:00

Updated : 2024-11-20 23:59

NVD link : CVE-2005-2250

Mitre link : CVE-2005-2250

CVE.ORG link : CVE-2005-2250

JSON object : View

Products Affected

nokia

affix

CWE

NVD-CWE-Other

{"id": "CVE-2005-2250", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-07-13T04:00:00.000", "references": [{"url": "http://affix.sourceforge.net/affix_212_sec.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2005/dsa-762", "source": "cve@mitre.org"}, {"url": "http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14230", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://affix.sourceforge.net/affix_212_sec.patch", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2005/dsa-762", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/14230", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Bluetooth FTP client (BTFTP) en Nokia Affix 2.1.2 and 3.2.0 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un nombre de fichero largo en un recurso compartido OBEX."}], "lastModified": "2024-11-20T23:59:08.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:affix:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57AA1BEB-B2F9-4FF0-B606-677C15C3F5AB"}, {"criteria": "cpe:2.3:a:nokia:affix:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF228751-7CC7-46CC-A2B5-CFE47F6D5A69"}, {"criteria": "cpe:2.3:a:nokia:affix:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13689EDD-8324-4377-92BF-88F50810D90F"}, {"criteria": "cpe:2.3:a:nokia:affix:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A53918FB-12AD-42CA-823B-C2830BE99EE3"}, {"criteria": "cpe:2.3:a:nokia:affix:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0626DDC-4FD6-484D-83CB-92B61CDD053B"}, {"criteria": "cpe:2.3:a:nokia:affix:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53EDC5B-8B67-4F93-90C8-17721F02A1CD"}, {"criteria": "cpe:2.3:a:nokia:affix:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "509BB72F-0689-46B9-85F1-9B7C4AD7F847"}, {"criteria": "cpe:2.3:a:nokia:affix:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4075DD71-E0F8-40FF-88FF-11289200743F"}, {"criteria": "cpe:2.3:a:nokia:affix:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9F504D8-C1BB-47AA-AF41-3AC8ABB17E8F"}, {"criteria": "cpe:2.3:a:nokia:affix:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F15F9E16-A1B4-4B5B-975E-E9969C41B5E2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}