Ubuntu
bluez-utils package

  1. Bug #19942
  2. Comment #2

Comment 2 for bug 19942

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 16 Aug 2005 11:35:51 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: bluez-utils: Arbitrary command execution through inproper escaping in hcid's
 security.c

Package: bluez-utils
Severity: grave
Tags: security patch
Justification: user security hole

A vulnerability in hcid has been found. Please see this URL for details:
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881
https://bugs.gentoo.org/show_bug.cgi?id=101557

Upstream fix available at:
http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34

This is CAN-2005-2547.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)