CVE-2005-2547 Information

Description

security.c in hcid for BlueZ 2.16 2.17 and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Reference

http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34 http://secunia.com/advisories/16453 http://secunia.com/advisories/16476 http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881 http://www.debian.org/security/2005/dsa-782 http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml http://www.securityfocus.com/bid/14572 https://bugs.gentoo.org/show_bug.cgi?id=101557