Published: 12/08/2005 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote malicious users to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bluez project bluez 2.18

Henryk Plötz discovered a vulnerability in bluez-utils, tools and daemons for Bluetooth Due to missing input sanitising it is possible for an attacker to execute arbitrary commands supplied as device name from the remote device The old stable distribution (woody) is not affected by this problem since it doesn't contain bluez-utils packages For ...

NVD-CWE-Other http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881 https://bugs.gentoo.org/show_bug.cgi?id=101557 http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34 http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml http://secunia.com/advisories/16453 http://secunia.com/advisories/16476 http://www.debian.org/security/2005/dsa-782 http://www.securityfocus.com/bid/14572 https://nvd.nist.gov https://www.debian.org/security/./dsa-782

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-2547

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect