CVE-2006-2366 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-2366

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.

Affected Software

Name	Vendor	Start Version	End Version
Openobex	Openobex	1.2 (including)	1.2 (including)
Libopenobex	Ubuntu	upstream	*

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484
http://secunia.com/advisories/20302
http://www.securityfocus.com/bid/17921
https://exchange.xforce.ibmcloud.com/vulnerabilities/26686
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366484
http://secunia.com/advisories/20302
http://www.securityfocus.com/bid/17921
https://exchange.xforce.ibmcloud.com/vulnerabilities/26686