Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-1365

The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack.

Published

2006-03-23T23:06:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	motorola	e398	*	Yes
Hardware	motorola	pebl_u6	08.83.76r	Yes
Hardware	motorola	v600	*	Yes

References

http://trifinite.org/trifinite_stuff_helomoto.html Exploit ([email protected])
http://www.digitalmunition.com/DMA%5B2006-0321a%5D.txt ([email protected])
http://www.securityfocus.com/archive/1/428431/100/0/threaded ([email protected])
http://trifinite.org/trifinite_stuff_helomoto.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.digitalmunition.com/DMA%5B2006-0321a%5D.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/428431/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)