Details of VAR-200606-0033

ID

VAR-200606-0033

CVE

CVE-2006-3146

TITLE

Toshiba Bluetooth protocol stack TOSRFBD.SYS Remote denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200606-407

DESCRIPTION

The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23. Toshiba Bluetooth Stack is prone to a remote denial-of-service vulnerability. Reports indicate that a successful attack can corrupt memory and restart a vulnerable computer. Toshiba Bluetooth Stack for Windows versions 4.0.23 and prior are reported to be affected

Trust: 1.26

sources: NVD: CVE-2006-3146 // BID: 18527 // VULMON: CVE-2006-3146

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.20.04	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.01.03	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.20.02	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4.00.11	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.00.32	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4.00.01t	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.10.00	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.20.01	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.20.00	Trust: 1.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.00.11	Trust: 1.0
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4.00.23	Trust: 1.0
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.00.31a	Trust: 1.0
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3.00.12	Trust: 1.0
vendor:	toshiba	model:	bluetooth stack	scope:	lte	version:	4.00.29	Trust: 1.0
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4.00.29	Trust: 0.6
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4.0.23	Trust: 0.3
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4.0.11	Trust: 0.3
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	4	Trust: 0.3
vendor:	toshiba	model:	bluetooth stack	scope:	eq	version:	3	Trust: 0.3
vendor:	toshiba	model:	bluetooth stack sp2	scope:	ne	version:	4	Trust: 0.3

sources: BID: 18527 // CNNVD: CNNVD-200606-407 // NVD: CVE-2006-3146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3146
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200606-407
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2006-3146
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-3146
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

sources: VULMON: CVE-2006-3146 // CNNVD: CNNVD-200606-407 // NVD: CVE-2006-3146

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2006-3146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-407

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200606-407

PATCH

title:

url:

https://github.com/Essen-Lin/Practice-of-the-Attack-and-Defense-of-Computers_Project2

Trust: 0.1

sources: VULMON: CVE-2006-3146

EXTERNAL IDS

db:	BID	id:	18527	Trust: 2.0
db:	NVD	id:	CVE-2006-3146	Trust: 1.8
db:	SECTRACK	id:	1016345	Trust: 1.7
db:	OSVDB	id:	26686	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2455	Trust: 1.7
db:	SECUNIA	id:	20657	Trust: 1.7
db:	XF	id:	27228	Trust: 0.6
db:	BUGTRAQ	id:	20060620 TRIFINITE SECURITY ADVISORY: BUFFER OVERRUN IN TOSHIBA BLUETOOTH STACK FOR WINDOWS	Trust: 0.6
db:	VIM	id:	20061017 SECUREWORKS RESEARCH CLIENT ADVISORY: MULTIPLE VENDOR BLUETOOTH MEMORY STACK CORRUPTION VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200606-407	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2006-3146	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2006-3146 // BID: 18527 // CNNVD: CNNVD-200606-407 // NVD: CVE-2006-3146

REFERENCES

url:	http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2	Trust: 2.0
url:	http://www.securityfocus.com/bid/18527	Trust: 1.7
url:	http://trifinite.org/trifinite_advisory_toshiba.html	Trust: 1.7
url:	http://secunia.com/advisories/20657	Trust: 1.7
url:	http://securitytracker.com/id?1016345	Trust: 1.7
url:	http://www.osvdb.org/26686	Trust: 1.7
url:	http://attrition.org/pipermail/vim/2006-october/001085.html	Trust: 1.7
url:	http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html	Trust: 1.7
url:	http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/2455	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27228	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/437811/100/0/threaded	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/27228	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/437811/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/2455	Trust: 0.6
url:	http://www.toshiba.com/	Trust: 0.3
url:	/archive/1/437811	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/essen-lin/practice-of-the-attack-and-defense-of-computers_project2	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2006-3146 // BID: 18527 // CNNVD: CNNVD-200606-407 // NVD: CVE-2006-3146

CREDITS

Martin Herfurt martin.herfurt@trifinite.org

Trust: 0.6

sources: CNNVD: CNNVD-200606-407

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2006-3146
db:	BID	id:	18527
db:	CNNVD	id:	CNNVD-200606-407
db:	NVD	id:	CVE-2006-3146

LAST UPDATE DATE

2025-04-03T20:51:38.841000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2006-3146	date:	2018-10-18T00:00:00
db:	BID	id:	18527	date:	2006-07-05T17:44:00
db:	CNNVD	id:	CNNVD-200606-407	date:	2006-11-01T00:00:00
db:	NVD	id:	CVE-2006-3146	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2006-3146	date:	2006-06-22T00:00:00
db:	BID	id:	18527	date:	2006-06-20T00:00:00
db:	CNNVD	id:	CNNVD-200606-407	date:	2006-06-22T00:00:00
db:	NVD	id:	CVE-2006-3146	date:	2006-06-22T22:06:00