Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2007-0065.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 4 : bluez-utils (ELSA-2007-0065)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

0.224 Low

EPSS

Percentile

96.5%

JSON

From Red Hat Security Advisory 2007:0065 :

Updated bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The bluez-utils package contains Bluetooth daemons and utilities.

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker would have been able to inject keyboard and mouse events via a Bluetooth connection without any authorization. (CVE-2006-6899)

Note that Red Hat Enterprise Linux does not come with the Bluetooth HID daemon enabled by default.

Users of bluez-utils are advised to upgrade to these updated packages, which contains a backported patch to correct this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0065 and 
# Oracle Linux Security Advisory ELSA-2007-0065 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67448);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-6899");
  script_xref(name:"RHSA", value:"2007:0065");

  script_name(english:"Oracle Linux 4 : bluez-utils (ELSA-2007-0065)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2007:0065 :

Updated bluez-utils packages that fix a security flaw are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The bluez-utils package contains Bluetooth daemons and utilities.

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a
Bluetooth connection without any authorization. (CVE-2006-6899)

Note that Red Hat Enterprise Linux does not come with the Bluetooth
HID daemon enabled by default.

Users of bluez-utils are advised to upgrade to these updated packages,
which contains a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-May/000133.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected bluez-utils packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(16);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bluez-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bluez-utils-cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"bluez-utils-2.10-2.2")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"bluez-utils-2.10-2.2")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"bluez-utils-cups-2.10-2.2")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"bluez-utils-cups-2.10-2.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez-utils / bluez-utils-cups");
}
VendorProductVersionCPE
oraclelinuxbluez-utilsp-cpe:/a:oracle:linux:bluez-utils
oraclelinuxbluez-utils-cupsp-cpe:/a:oracle:linux:bluez-utils-cups
oraclelinux4cpe:/o:oracle:linux:4

Related

nessus 5
ubuntu 1
openvas 4
oraclelinux 1
cvelist 1
redhat 1
nvd 1
ubuntucve 1
seebug 1
cve 1
centos 1
nessus
nessus
Scientific Linux Security Update : bluez-utils on SL4.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 : bluez-utils (RHSA-2007:0065)
2007-05-16 00:00:00
CentOS 4 : bluez-utils (CESA-2007:0065)
2013-06-29 00:00:00
ubuntu
ubuntu
BlueZ vulnerability
2007-01-24 00:00:00
openvas
openvas
Mandriva Update for bluez-utils MDKSA-2007:014 (bluez-utils)
2009-04-09 00:00:00
Mandriva Update for bluez-utils MDKSA-2007:014 (bluez-utils)
2009-04-09 00:00:00
Ubuntu Update for bluez-utils vulnerability USN-413-1
2009-03-23 00:00:00
oraclelinux
oraclelinux
Moderate: bluez-utils security update
2007-05-14 00:00:00
cvelist
cvelist
CVE-2006-6899
2007-01-08 20:00:00
redhat
redhat
(RHSA-2007:0065) Moderate: bluez-utils security update
2007-05-14 00:00:00
nvd
nvd
CVE-2006-6899
2006-12-31 05:00:00
ubuntucve
ubuntucve
CVE-2006-6899
2006-12-31 00:00:00
seebug
seebug
BlueZ HID不安全设备连接漏洞
2007-01-17 00:00:00
cve
cve
CVE-2006-6899
2007-01-08 20:00:00
centos
centos
bluez security update
2007-05-16 17:34:21

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

0.224 Low

EPSS

Percentile

96.5%

JSON
Related for ORACLELINUX_ELSA-2007-0065.NASL
nessus5ubuntu1openvas4oraclelinux1cvelist1redhat1nvd1ubuntucve1seebug1cve1centos1