SECURITYVULNS:DOC:11320
Feb 07, 2006 - 12:00 a.m.

[ Secuobs - Tools release ] BSS (Bluetooth Stack Smasher) fuzzer


[Software] BSS - Bluetooth Stack Smasher

[Version] 0.6

[Location] BSS can be downloaded from http://www.secuobs.com/news/05022006-bluetooth10.shtml

[Credits] Pierre Betouin - [email protected]

Bug was found on the following devices: hcidump, Sony Ericsson K600i/V600i/W800i, Nokia N70 & SAMSUNG E730 cell phones (feel free to debug yours and inform us :)

[Purpose]

BSS (Bluetooth Stack Smasher) is an L2CAP layer fuzzer, distributed under the GPL licence.

BSS requires the standard bluetooth library.

Usage: ./bss [-s size] [-m mode] [-p pad_byte for modes 1-11] [-M maxcrash]

Modes :

0 All modes listed below

1 L2CAP_COMMAND_REJ

2 L2CAP_CONN_REQ

3 L2CAP_CONN_RSP

4 L2CAP_CONF_REQ

5 L2CAP_CONF_RSP

6 L2CAP_DISCONN_REQ

7 L2CAP_DISCONN_RSP

8 L2CAP_ECHO_REQ

9 L2CAP_ECHO_RSP

10 L2CAP_INFO_REQ

11 L2CAP_INFO_RSP

12 L2CAP Random Fuzzing (-s: max_size) (-M: crashcount)

BSS Example :

./bss -s 100 -m 12 -M 0 XX:XX:XX:XX:XX:XX

This example sends short random packets (mode 12) with a maximum size of 100 bytes (-s 100), in an infinite loop (-M 0).
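
Modes 1-11 above are the L2CAP signalling commands, so a receiving stack has to check each command's length field against the bytes it actually received. The following C sketch of that check is an added example, not part of BSS or of the original announcement; the function name l2cap_sig_validate and the sample payloads are constructed for illustration, and the minimum lengths follow the fixed fields of each command in the Bluetooth Core specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define L2CAP_CMD_HDR_SIZE 4    /* code(1) ident(1) length(2, little-endian) */
#define L2CAP_CODE_MAX     0x0b /* L2CAP_INFO_RSP; codes 0x01-0x0b match BSS modes 1-11 */

/* Minimum data length per signalling code (index = code), from the fixed
 * fields each command carries in the Bluetooth Core specification. */
static const uint16_t min_len[L2CAP_CODE_MAX + 1] = {
    0, 2, 4, 8, 4, 6, 4, 4, 0, 0, 2, 4
};

/* Hypothetical helper: walk a signalling-channel payload and return the
 * number of well-formed commands, or -1 on the first malformed one. */
int l2cap_sig_validate(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < L2CAP_CMD_HDR_SIZE)
            return -1;                       /* truncated header */
        uint8_t code = buf[off], ident = buf[off + 1];
        uint16_t dlen = (uint16_t)(buf[off + 2] | (buf[off + 3] << 8));
        off += L2CAP_CMD_HDR_SIZE;
        if (code == 0 || code > L2CAP_CODE_MAX || ident == 0)
            return -1;                       /* unknown code or illegal ident */
        if (dlen > len - off || dlen < min_len[code])
            return -1;                       /* length field disagrees with data */
        off += dlen;
        count++;
    }
    return count;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t ok_echo[]   = { 0x08, 0x01, 0x02, 0x00, 'A', 'B' };
static const uint8_t two_cmds[]  = { 0x08, 0x01, 0x00, 0x00,
                                     0x0a, 0x02, 0x02, 0x00, 0x02, 0x00 };
static const uint8_t long_len[]  = { 0x08, 0x01, 0x64, 0x00, 'A', 'B' };
static const uint8_t short_req[] = { 0x02, 0x01, 0x02, 0x00, 0x01, 0x00 };

int main(void)
{
    printf("%d %d %d %d\n",
           l2cap_sig_validate(ok_echo, sizeof ok_echo),
           l2cap_sig_validate(two_cmds, sizeof two_cmds),
           l2cap_sig_validate(long_len, sizeof long_len),
           l2cap_sig_validate(short_req, sizeof short_req));
    return 0;
}
```

A production stack would answer an unknown code with a Command Reject rather than simply discarding it; the sketch only reports whether the payload is well-formed.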