Executive Summary

Summary
Title: BlueZ vulnerability

Information
Name: USN-413-1
First vendor Publication: 2007-01-24
Vendor: Ubuntu
Last vendor Modification: 2007-01-24
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)
CVSS Base Score: 5.4
CVSS Impact Score: 6.4
CVSS Exploit Score: 5.5
Attack Range: Adjacent network
Attack Complexity: Medium
Authentication: None Required

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
bluez-utils 2.20-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled.

Original Source

Url : http://www.ubuntu.com/usn/USN-413-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:10208
Title: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Description: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Family: unix Class: vulnerability
Reference(s): CVE-2006-6899
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 1

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for bluez-utils MDKSA-2007:014 (bluez-utils)
File : nvt/gb_mandriva_MDKSA_2007_014.nasl
2009-03-23 Name : Ubuntu Update for bluez-utils vulnerability USN-413-1
File : nvt/gb_ubuntu_USN_413_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
32830 BlueZ (bluez-utils) Input Device Hijacking

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0065.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0065.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070514_bluez_utils_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-413-1.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0065.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-014.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:04:07 Multiple Updates