Launchpad CVE tracker

CVE 2005-2547

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Related bugs and status

CVE-2005-2547 (Candidate) is related to these bugs:

Bug #19942: bluez-utils: Arbitrary command execution through inproper escaping in hcid's security.c

Summary				In	Importance	Status
	19942	bluez-utils: Arbitrary command execution through inproper escaping in hcid's security.c		bluez-utils (Ubuntu)	High	Fix Released
	19942	bluez-utils: Arbitrary command execution through inproper escaping in hcid's security.c		bluez-utils (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

DEBIAN: DSA-782
GENTOO: GLSA-200508-09
CONFIRM: https://bugs.gentoo.or...
SECUNIA: 16453
SECUNIA: 16476
BID: 14572
MLIST: [bluez-devel] 20050804...
CONFIRM: http://cvs.sourceforge...

Launchpad.net

CVE 2005-2547

Related bugs and status

Related bugs

References