CVE-2005-2716

Name of the Vulnerable Software and Affected Versions libaffix-dev versions (affected versions not specified) affix versions (affected versions not specified) libaffix2 versions (affected versions not specified) Nokia Affix versions 2.1.2 through 3.2.0

Description The issue concerns multiple vulnerabilities in the libaffix-dev, libaffix2, and affix packages of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the event pin code request function in the btsrv daemon of Nokia Affix is vulnerable to remote command execution via shell metacharacters in a Bluetooth device name.

Recommendations For libaffix-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For affix, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libaffix2, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Nokia Affix versions 2.1.2 through 3.2.0, consider restricting access to the event pin code request function in the btsrv daemon to minimize the risk of exploitation.