Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2547

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2547
Last Modified 05 Sep 2008 04:52:03
Published 12 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2547

Summary

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Vulnerable Systems

Operating System

  • Bluez Project Bluez 2.18


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=101557

MLIST - [bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34

BID - 14572

GENTOO - GLSA-200508-09

DEBIAN - DSA-782

SECUNIA - 16476

SECUNIA - 16453


Last Updated: 27 May 2016 10:40:34