data/DTSA/advs/9-bluez-utils.adv


1
2
3
4
5
6
7
8
9
10
11
12
13
14

source: bluez-utils
date: August 31st, 2005
author: Joey Hess
vuln-type: bad device name escaping
problem-scope: remote
debian-specific: no
cve: CVE-2005-2547
testing-fix: 2.19-0.1etch1
sid-fix: 2.19-1
upgrade: apt-get install bluez-utils

A bug in bluez-utils allows remote attackers to execute arbitrary commands
via shell metacharacters in the Bluetooth device name when invoking the PIN
helper.