Description
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
Affected products
- BlueZ Project / BlueZ2.18 – 2.18
References
- MISChttp://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34
- VENDOR_ADVISORYhttp://secunia.com/advisories/16476
- VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-782
- MISChttps://bugs.gentoo.org/show_bug.cgi?id=101557
- MISChttp://www.gentoo.org/security/en/glsa/glsa-200508-09.xml
- VENDOR_ADVISORYhttp://secunia.com/advisories/16453
- MISChttp://www.securityfocus.com/bid/14572
- MISChttp://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881