Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9496
HistoryAug 17, 2005 - 12:00 a.m.

[Full-disclosure] [ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability

2005-08-1700:00:00
vulners.com
8

EPSS

0.011

Percentile

84.3%

JSON

Gentoo Linux Security Advisory GLSA 200508-09

                                        http://security.gentoo.org/

Severity: High
Title: bluez-utils: Bluetooth device name validation vulnerability
Date: August 17, 2005
Bugs: #101557
ID: 200508-09

Synopsis

Improper validation of Bluetooth device names can lead to arbitrary
command execution.

Background

bluez-utils are the utilities for use with the BlueZ implementation of
the Bluetooth wireless standards for Linux.

Affected packages

-------------------------------------------------------------------
 Package                   /  Vulnerable  /             Unaffected
-------------------------------------------------------------------

1 net-wireless/bluez-utils < 2.19 >= 2.19

Description

The name of a Bluetooth device is improperly validated by the hcid
utility when a remote device attempts to pair itself with a computer.

Impact

An attacker could create a malicious device name on a Bluetooth device
resulting in arbitrary commands being executed as root upon attempting
to pair the device with the computer.

Workaround

There are no known workarounds at this time.

Resolution

All bluez-utils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-wireless/bluez-utils-2.19&quot;

References

[ 1 ] CAN-2005-2547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
[ 2 ] bluez-utils ChangeLog

http://cvs.sourceforge.net/viewcvs.py/bluez/utils/ChangeLog?rev=1.28&amp;view=markup

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Related

nessus 3
osv 1
openvas 4
gentoo 1
ubuntucve 1
redhatcve 1
cvelist 1
nvd 1
debian 2
cve 1
nessus
nessus
Debian DSA-782-1 : bluez-utils - missing input sanitising
2005-08-23 00:00:00
Mandrake Linux Security Advisory : bluez-utils (MDKSA-2005:150)
2005-10-05 00:00:00
GLSA-200508-09 : bluez-utils: Bluetooth device name validation vulnerability
2005-08-18 00:00:00
osv
osv
bluez-utils - missing input sanitising
2005-08-23 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-782-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 782-1 (bluez-utils)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200508-09 (bluez-utils)
2008-09-24 00:00:00
gentoo
gentoo
bluez-utils: Bluetooth device name validation vulnerability
2005-08-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-2547
2005-08-12 00:00:00
redhatcve
redhatcve
CVE-2005-2547
2015-10-30 09:57:20
cvelist
cvelist
CVE-2005-2547
2005-08-12 04:00:00
nvd
nvd
CVE-2005-2547
2005-08-12 04:00:00
debian
debian
[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution
2005-08-23 09:47:42
[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution
2005-08-23 09:47:42
cve
cve
CVE-2005-2547
2005-08-12 04:00:00

EPSS

0.011

Percentile

84.3%

JSON
Related for SECURITYVULNS:DOC:9496
nessus3osv1openvas4gentoo1ubuntucve1redhatcve1cvelist1nvd1debian2cve1