Lucene search
RootSSV:1227HistoryJan 17, 2007 - 12:00 a.m.
BlueZ HID不安全设备连接漏洞
2007-01-1700:00:00
Root
www.seebug.org
14
EPSS
0.308
Percentile
97.0%
BUGTRAQ ID: 22076
CVE(CAN) ID: CVE-2006-6899
BlueZ是官方的Linux蓝牙协议栈。
BlueZ的人机接口设备(HID)主机未经认证便接受设备连接,如果某些配置的HID(PSM)端点以server模式运行的话,攻击者就可能向受影响系统中加入新的蓝牙设备(如鼠标、键盘),获得完全控制。
受影响系统:
BlueZ BlueZ < 2.25
不受影响系统:
BlueZ BlueZ 2.25
厂商补丁:
BlueZ
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-utils-3.8.tar.gz” target=“_blank”>http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-utils-3.8.tar.gz</a>
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
/*
* hidattack v0.1
*
* (c) Collin R. Mulliner <[email protected]>
* http://w
Related
openvas
openvas
Mandriva Update for bluez-utils MDKSA-2007:014 (bluez-utils)
2009-04-09 00:00:00
Mandriva Update for bluez-utils MDKSA-2007:014 (bluez-utils)
2009-04-09 00:00:00
Ubuntu: Security Advisory (USN-413-1)
2009-03-23 00:00:00
exploitdb
exploitdb
BlueZ 1.x/2.x - HIDD Bluetooh HID Command Injection
2007-11-16 00:00:00
nessus
nessus
RHEL 4 : bluez-utils (RHSA-2007:0065)
2007-05-16 00:00:00
Scientific Linux Security Update : bluez-utils on SL4.x i386/x86_64
2012-08-01 00:00:00
Mandrake Linux Security Advisory : bluez-utils (MDKSA-2007:014)
2007-02-18 00:00:00
ubuntu
ubuntu
BlueZ vulnerability
2007-01-24 00:00:00
redhat
redhat
(RHSA-2007:0065) Moderate: bluez-utils security update
2007-05-14 00:00:00
nvd
nvd
CVE-2006-6899
2006-12-31 05:00:00
ubuntucve
ubuntucve
CVE-2006-6899
2006-12-31 00:00:00
oraclelinux
oraclelinux
Moderate: bluez-utils security update
2007-05-14 00:00:00
cvelist
cvelist
CVE-2006-6899
2007-01-08 20:00:00
centos
centos
bluez security update
2007-05-16 17:34:21
cve
cve
CVE-2006-6899
2007-01-08 20:00:00