Executive Summary
| Summary | |
|---|---|
| Title | New bluez-utils packages fix arbitrary command execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-782 | First vendor Publication | 2005-08-23 |
| Vendor | Debian | Last vendor Modification | 2005-08-23 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Henryk Plötz discovered a vulnerability n bluez-utils, tools and daemons for Bluetooth. Due to missing input sanitising it is possible for an attacker to execute arbitrary commands supplied as device name from the remote device. The old stable distribution (woody) is not affected by this problem since it doesn't contain bluez-utils packages. For the stable distribution (sarge) this problem has been fixed in version 2.15-1.1. For the unstable distribution (sid) this problem has been fixed in version 2.19-1. We recommend that you upgrade your bluez-utils package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-782 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-09 (bluez-utils) File : nvt/glsa_200508_09.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 782-1 (bluez-utils) File : nvt/deb_782_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 18770 | BlueZ Crafted Device Name Arbitrary Command Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-150.nasl - Type : ACT_GATHER_INFO |
| 2005-08-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-782.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-09.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:15 |
|
