CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence: Low
EPSS
Percentile: 84.3%
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
Vendor | Product | Version | CPE |
---|---|---|---|
bluez_project | bluez | 2.18 | cpe:2.3:o:bluez_project:bluez:2.18:*:*:*:*:*:*:* |
cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34
secunia.com/advisories/16453
secunia.com/advisories/16476
sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881
www.debian.org/security/2005/dsa-782
www.gentoo.org/security/en/glsa/glsa-200508-09.xml
www.securityfocus.com/bid/14572
bugs.gentoo.org/show_bug.cgi?id=101557