ID
VAR-E-201107-0006
TITLE
HTC OBEX FTP Service in Android Directory Traversal Vulnerability
Trust: 0.3
sources:
BID: 48821
DESCRIPTION
HTC devices running the Bluetooth OBEX FTP service on Android OS is prone to a directory-traversal vulnerability.
Exploiting this issue allows an attacker to read or download arbitrary files from locations outside the application's current directory and obtain sensitive information. Other attacks may also be possible.
Trust: 0.3
sources:
BID: 48821
AFFECTED PRODUCTS
| vendor: | htc | model: | wildfire | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | htc | model: | desire hd | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | htc | model: | aria | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
BID: 48821
EXPLOIT
An attacker can exploit this issue by using an FTP client installed on a computer or device that has Bluetooth capabilities.
Trust: 0.3
sources:
BID: 48821
PRICE
Free
Trust: 0.3
sources:
BID: 48821
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 48821
CREDITS
Alberto Moreno Tablado
Trust: 0.3
sources:
BID: 48821
EXTERNAL IDS
| db: | BID | id: | 48821 | Trust: 0.3 |
sources:
BID: 48821
REFERENCES
| url: | http://www.seguridadmobile.com/android/android-security/htc-android-obex-ftp-service-directory-traversal.html | Trust: 0.3 |
| url: | http://www.htc.com/www/ | Trust: 0.3 |
sources:
BID: 48821
SOURCES
| db: | BID | id: | 48821 |
LAST UPDATE DATE
2022-07-27T09:47:48.156000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 48821 | date: | 2011-07-20T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 48821 | date: | 2011-07-20T00:00:00 |