TITLE: Sony Ericsson Cell Phones Bluetooth L2CAP Denial of Service SECUNIA ADVISORY ID: SA18747 VERIFY ADVISORY: http://secunia.com/advisories/18747/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Sony Ericsson W800i http://secunia.com/product/7845/ Sony Ericsson K600i http://secunia.com/product/7841/ Sony Ericsson T68i http://secunia.com/product/7846/ Sony Ericsson V600i http://secunia.com/product/7844/ DESCRIPTION: Pierre Betouin has discovered a vulnerability in various Sony Ericsson cell phones, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. This can be exploited to temporary halt a vulnerable cell phone by sending a L2CAP packet with a specially crafted header through a wireless Bluetooth connection. Successful exploitation requires that Bluetooth is enabled on the affected device. The vulnerability has been confirmed to affect Sony Ericsson W800i and has also been reported to affect the following products: * Sony Ericsson K600i * Sony Ericsson V600i * Sony Ericsson T68i SOLUTION: Disable Bluetooth. PROVIDED AND/OR DISCOVERED BY: Pierre Betouin ORIGINAL ADVISORY: http://www.secuobs.com/news/05022006-bluetooth7.shtml#english ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------