ID CVE-2005-2547
Summary security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
References
Vulnerable Configurations
  • cpe:2.3:o:bluez_project:bluez:2.18:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 14572
confirm
debian DSA-782
gentoo GLSA-200508-09
mlist [bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper
secunia
  • 16453
  • 16476
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. These issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4.
Last major update 05-09-2008 - 20:52
Published 12-08-2005 - 04:00
Last modified 05-09-2008 - 20:52