Device: Nokia 6310i
Version: V 5.22 15-11-02 NPL-1
Version: V 5.50 03-03-03 NPL-1 (c) NMP

Vulnerability List:

1) Buffer Overflow in OBEX stack
   see: http://www.pentest.co.uk/documents/ptl-2004-01.html

2) Phone book reading without pairing
   Details: RFCOMM channels 17 and 18 open and accessible without pairing

----- Version: V 5.22 15-11-02 NPL-1 -----

Browsing 00:60:57:xx:xx:xx

Service Name: Fax
Service RecHandle: 0x10000
Service Class ID List:
  "Fax" (0x1111)
  "Generic Telephony" (0x1204)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 2
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Fax" (0x1111)
    Version: 0x0100
Pairing needed!

Service Name: OBEX Object Push
Service RecHandle: 0x10001
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "OBEX Object Push" (0x1105)
    Version: 0x0100

Service Name: Audio Gateway
Service RecHandle: 0x10002
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 12
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Headset" (0x1108)
    Version: 0x0100
Pairing needed!

Service Name: COM 1
Service RecHandle: 0x10003
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 3
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Pairing needed!

Service Name: Voice Gateway
Service RecHandle: 0x10004
Service Class ID List:
  "" (0x111f)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 13
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "" (0x111e)
    Version: 0x0100
Pairing needed!

Service Name: Dial-up networking
Service RecHandle: 0x10009
Service Class ID List:
  "Dialup Networking" (0x1103)
  "Generic Networking" (0x1201)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100
Pairing needed!

Requesting information ...
  BD Address: 00:60:57:xx:xx:xx
  LMP Version: 1.1 (0x1)
  LMP Subversion: 0x22c
  Manufacturer: Nokia Mobile Phones (1)
  Features: 0xbf 0x28 0x21 0x00
    <3-slot packets> <5-slot packets>

----- Version: V 5.50 03-03-03 NPL-1 (c) NMP. -----

Browsing 00:60:57:xx:xx:xx ...

Service Name: Fax
Service RecHandle: 0x10000
Service Class ID List:
  "Fax" (0x1111)
  "Generic Telephony" (0x1204)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 2
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Fax" (0x1111)
    Version: 0x0100

Service Name: OBEX Object Push
Service RecHandle: 0x10001
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "OBEX Object Push" (0x1105)
    Version: 0x0100

Service Name: Dial-up networking
Service RecHandle: 0x10002
Service Class ID List:
  "Dialup Networking" (0x1103)
  "Generic Networking" (0x1201)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100

Service Name: Nokia PC Suite
Service RecHandle: 0x10003
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 15
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100

Service Name: COM 1
Service RecHandle: 0x10004
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 3
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100

Service Name: Voice Gateway
Service RecHandle: 0x10005
Service Class ID List:
  "" (0x111f)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 13
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "" (0x111e)
    Version: 0x0100

Service Name: Audio Gateway
Service RecHandle: 0x10006
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 12
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Headset" (0x1108)
    Version: 0x0100

  BD Address: 00:60:57:xx:xx:xx
  LMP Version: 1.1 (0x1)
  LMP Subversion: 0x22c
  Manufacturer: Nokia Mobile Phones (1)
  Features: 0xbf 0x28 0x21 0x00 0x00 0x00 0x00 0x00
    <3-slot packets> <5-slot packets>