CVE-2005-2547

Name of the Vulnerable Software and Affected Versions BlueZ versions 2.16 through 2.18 bluez-pcmcia-support (affected versions not specified) bluez-bcm203x (affected versions not specified) bluez-cups (affected versions not specified) bluez-utils (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the BlueZ package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, in versions 2.16, 2.17, and 2.18 of BlueZ, the security.c file in hcid allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Recommendations For BlueZ versions 2.16 through 2.18, consider updating to a version that contains a fix for this issue. For bluez-pcmcia-support, bluez-bcm203x, bluez-cups, and bluez-utils, at the moment, there is no information about a newer version that contains a fix for this vulnerability.