Remote Code Execution Vulnerability in BlueZ Bluetooth Software by Texas Instruments
CVE-2005-2547

Currently unrated

Key Information:

Vendor: Bluez Project
Status: Bluez
Vendor: CVE Published:; 12 August 2005

🔔 Create Bluez Project Vulnerability Alert

What is CVE-2005-2547?

The security.c file in the hcid component of BlueZ versions 2.16, 2.17, and 2.18 contains a vulnerability allowing remote attackers to execute arbitrary commands. This exploitation occurs through shell metacharacters embedded within the Bluetooth device name during the interaction with the PIN helper, creating a critical security risk for affected systems. It is essential for users of these versions to apply necessary patches or updates to mitigate potential risks.

References

http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/se...

x_refsource_CONFIRM

http://secunia.com/advisories/16476

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2005/dsa-782

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2005
Vulnerability Reserved
Aug 12, 2005