Lucene search

[email protected]CVE-2005-2547

HistoryAug 12, 2005 - 4:00 a.m.

CVE-2005-2547

2005-08-1204:00:00

[email protected]

web.nvd.nist.gov

cve-2005-2547

security

hcid

bluez

remote attackers

arbitrary commands

shell metacharacters

bluetooth

pin helper

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Affected configurations

NVD

Node

bluez_projectbluezMatch2.18

CPENameOperatorVersion
bluez_project:bluezbluez project bluezeq2.18

CPE	Name	Operator	Version
bluez_project:bluez	bluez project bluez	eq	2.18

References

cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34

secunia.com/advisories/16453

secunia.com/advisories/16476

sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881

www.debian.org/security/2005/dsa-782

www.gentoo.org/security/en/glsa/glsa-200508-09.xml

www.securityfocus.com/bid/14572

bugs.gentoo.org/show_bug.cgi?id=101557

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2005-2547

nessus3 openvas4 redhatcve1 cvelist1 nvd1 ubuntucve1 securityvulns1 osv1 gentoo1 debian2