CVE-2008-4295 - Vulnerability Details - OpenCVE

Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Htc	Mda Wiza
Microsoft	Windows Mobile

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:htc:mda:8125:::::::*
	cpe:2.3:h:htc:wiza:200:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32066
http://www.securityfocus.com/bid/31420
https://exchange.xforce.ibmcloud.com/vulnerabilities/45463
https://www.exploit-db.com/exploits/6582

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-27T00:00:00

Updated: 2024-08-07T10:08:35.016Z

Reserved: 2008-09-26T00:00:00

Link: CVE-2008-4295

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-27T10:30:03.600

Modified: 2024-11-21T00:51:19.540

Link: CVE-2008-4295

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-26T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "windowsmobile-bluetooth-dos(45463)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6582"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4295", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "windowsmobile-bluetooth-dos(45463)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6582"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:35.016Z"}, "title": "CVE Program Container", "references": [{"name": "windowsmobile-bluetooth-dos(45463)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"name": "32066", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32066"}, {"name": "31420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31420"}, {"name": "6582", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6582"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4295", "datePublished": "2008-09-27T00:00:00", "dateReserved": "2008-09-26T00:00:00", "dateUpdated": "2024-08-07T10:08:35.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F2E86B-81CA-45D7-94B4-048F0A01650C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:htc:mda:8125:*:*:*:*:*:*:*", "matchCriteriaId": "2B038B84-F19A-4235-94B0-0604A6AC9BD7", "vulnerable": false}, {"criteria": "cpe:2.3:h:htc:wiza:200:*:*:*:*:*:*:*", "matchCriteriaId": "76A4A26F-4944-4802-B0E1-A87B67AEE4D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices."}, {"lang": "es", "value": "Microsoft Windows Mobile 6.0 en dispositivos HTC Wiza 200 y HTC MDA 8125 no trata adecuadamente el primer intento de establecer la conexi\u00f3n Bluetooth a un punto con un nombre largo, lo cual permite a atacantes remotos causar denegaci\u00f3n de servicio (reinicio de dispositivo) por la configuraci\u00f3n de un dispositivo Bluetooth con un nombre hci largo y (1) conexi\u00f3n directamente al sistema Windows Mobile o (2) esperar para escanear dispositivos cercanos del sistema Windows Mobile."}], "id": "CVE-2008-4295", "lastModified": "2024-11-21T00:51:19.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-27T10:30:03.600", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32066"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31420"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6582"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6582"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}