Vulnerability: Bluetooth Stack Denial of Service (DoS) on Sony/Ericsson cell phones Affected Software: Bluetooth Stack on Sony/Ericsson cell phones Affected Versions: Sony/Ericsson K600i, V600i, W800i, T68i and other models Impact: Bluetooth Stack DoS (may lead to phone reboot, shutdown, or white screen bug) Discovery Tool: BSS v0.6 GPL fuzzer (Bluetooth Stack Smasher) Disclosure Timeline: - Bug found with BSS - Vendor notified now Details: - Original advisory links: - http://www.secuobs.com/news/05022006-bluetooth7.shtml#english - http://www.secuobs.com/news/05022006-bluetooth7.shtml#french - PoC (Proof of Concept) tool for download: http://www.secuobs.com/news/05022006-bluetooth6.shtml - To trigger DoS: Length sent in the L2CAP field must be equal to the real length minus 3 (size of L2CAP header is 4 bytes) - Example short raw L2CAP packet: 08 01 01 00 - L2CAP header fields: , ,