Lucene search

MitreCVE-2005-2547

HistoryAug 12, 2005 - 4:00 a.m.

CVE-2005-2547

2005-08-1204:00:00

mitre

web.nvd.nist.gov

cve-2005-2547

security

hcid

bluez

remote attackers

arbitrary commands

shell metacharacters

bluetooth

pin helper

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Affected configurations

Nvd

Node

bluez_projectbluezMatch2.18

VendorProductVersionCPE
bluez_projectbluez2.18cpe:2.3:o:bluez_project:bluez:2.18:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bluez_project	bluez	2.18	cpe:2.3:o:bluez_project:bluez:2.18:::::::*

References

cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34

secunia.com/advisories/16453

secunia.com/advisories/16476

sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881

www.debian.org/security/2005/dsa-782

www.gentoo.org/security/en/glsa/glsa-200508-09.xml

www.securityfocus.com/bid/14572

bugs.gentoo.org/show_bug.cgi?id=101557

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

Related for CVE-2005-2547