Published: 15/07/2005 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nokia affix 3.2.0
nokia affix 2.1.2

Kevin Finisterre discovered two problems in the Bluetooth FTP client from affix, user space utilities for the Affix Bluetooth protocol stack The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2005-2250 A buffer overflow allows remote attackers to execute arbitrary code via a long filename in an ...

source: wwwsecurityfocuscom/bid/14232/info Nokia Affix btsrv/btobex are reported prone to a remote command execution vulnerability The issue exists due to a lack of input sanitization that is performed before using attacker-controlled data in a 'system()' call Because the affected services run with superuser privileges, this issue may ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-762 http://affix.sourceforge.net/affix_212_sec.patch http://affix.sourceforge.net/affix_320_sec.patch http://www.securityfocus.com/bid/14232 http://marc.info/?l=bugtraq&m=112119962704397&w=2 http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt https://nvd.nist.gov https://www.debian.org/security/./dsa-762 https://www.exploit-db.com/exploits/25966/

CVE-2005-2277

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect