Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2716

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2716
Last Modified 05 Sep 2008 04:52:30
Published 29 Aug 2005 04:14:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2716

Summary

The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.

Vulnerable Systems

Application

  • Nokia Affix 2.1.2

  • Nokia Affix 3.2.0


References

MISC - http://www.digitalmunition.com/DMA%5B2005-0826a%5D.txt

CONFIRM - http://affix.sourceforge.net/patch_btsrv_affix_3_2_0

CONFIRM - http://affix.sourceforge.net/patch_btsrv_affix_2_1_2

XF - nokia-devicename-command-execution(22034)

BID - 14672

DEBIAN - DSA-796

SECUNIA - 16574

BUGTRAQ - 20050826 DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()'


Last Updated: 27 May 2016 10:40:37