CVE-2005-2547
CVSS 7.5
Published: 2005-08-12 00:00:00
Last revised: 2008-09-05 16:52:03

[Original] security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.


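[CNNVD] BlueZ 'security.c' Arbitrary Command Execution Vulnerability (CNNVD-200508-112)

        security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name (when the PIN helper is invoked).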

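- CVSS (Base Score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]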

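- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found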

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2547
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2547
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-112
(Official data source) CNNVD

- Other Links and Resources

https://bugs.gentoo.org/show_bug.cgi?id=101557
(VENDOR_ADVISORY)  CONFIRM  https://bugs.gentoo.org/show_bug.cgi?id=101557
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881
(VENDOR_ADVISORY)  MLIST  [bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper
http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34
(PATCH)  CONFIRM  http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34
http://www.securityfocus.com/bid/14572
(UNKNOWN)  BID  14572
http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml
(UNKNOWN)  GENTOO  GLSA-200508-09
http://www.debian.org/security/2005/dsa-782
(UNKNOWN)  DEBIAN  DSA-782
http://secunia.com/advisories/16476
(UNKNOWN)  SECUNIA  16476
http://secunia.com/advisories/16453
(UNKNOWN)  SECUNIA  16453

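- Vulnerability Information

BlueZ 'security.c' Arbitrary Command Execution Vulnerability
High risk  Input validation
2005-08-12 00:00:00 2005-10-20 00:00:00
Remote
        security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name (when the PIN helper is invoked).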

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        BlueZ BlueZ 1.24
        BlueZ bluez-libs-2.19.tar.gz
        http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-libs-2.19.tar.gz
        BlueZ bluez-utils-2.19.tar.gz
        http://www.bluez.org/redirect.php?url=http%3A%2F%2Fbluez.sf.net%2Fdownload%2Fbluez-utils-2.19.tar.gz
        BlueZ BlueZ 2.11
        Conectiva bluez-utils-2.11-71173U10_4cl.i386.rpm
        Conectiva 10.0
        ftp://atualizacoes.conectiva.com.br/10/RPMS/bluez-utils-2.11-71173U10_4cl.i386.rpm
        Conectiva bluez-utils-2.11-71173U10_4cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/bluez-utils-2.11-71173U10_4cl.i386.rpm
        BlueZ BlueZ 2.15
        Debian bluez-bcm203x_2.15-1.1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_alpha.deb
        Debian bluez-bcm203x_2.15-1.1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_amd64.deb
        Debian bluez-bcm203x_2.15-1.1_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_arm.deb
        Debian bluez-bcm203x_2.15-1.1_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_hppa.deb
        Debian bluez-bcm203x_2.15-1.1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_i386.deb
        Debian bluez-bcm203x_2.15-1.1_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_ia64.deb
        Debian bluez-bcm203x_2.15-1.1_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_m68k.deb
        Debian bluez-bcm203x_2.15-1.1_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mips.deb
        Debian bluez-bcm203x_2.15-1.1_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mipsel.deb
        Debian bluez-bcm203x_2.15-1.1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_powerpc.deb
        Debian bluez-bcm203x_2.15-1.1_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_s390.deb
        Debian bluez-bcm203x_2.15-1.1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_sparc.deb
        Debian bluez-cups_2.15-1.1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
        Debian bluez-cups_2.15-1.1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
        Debian bluez-cups_2.15-1.1_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
        Debian bluez-cups_2.15-1.1_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
        Debian bluez-cups_2.15-1.1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
        Debian bluez-cups_2.15-1.1_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
        Debian bluez-cups_2.15-1.1_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
        Debian bluez-cups_2.15-1.1_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
        Debian bluez-cups_2.15-1.1_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debi

- Vulnerability Information (F39553)

Debian Linux Security Advisory 782-1 (PacketStormID:F39553)
2005-08-24 00:00:00
Debian  debian.org
advisory,remote,arbitrary
linux,debian
CVE-2005-2547

Debian Security Advisory DSA 782-1 - Due to missing input sanitization in the bluez-utils package, it is possible for an attacker to execute arbitrary commands supplied as the device name from the remote device.

--------------------------------------------------------------------------
Debian Security Advisory DSA 782-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 23rd, 2005                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : bluez-utils
Vulnerability  : missing input sanitising
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2547
Debian Bug     : 323365

Henryk Pl    

- Vulnerability Information (F39457)

Gentoo Linux Security Advisory 200508-9 (PacketStormID:F39457)
2005-08-18 00:00:00
Gentoo  security.gentoo.org
advisory,remote
linux,gentoo
CVE-2005-2547

Gentoo Linux Security Advisory GLSA 200508-09 - The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Versions less than 2.19 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: bluez-utils: Bluetooth device name validation vulnerability
      Date: August 17, 2005
      Bugs: #101557
        ID: 200508-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Improper validation of Bluetooth device names can lead to arbitrary
command execution.

Background
==========

bluez-utils are the utilities for use with the BlueZ implementation of
the Bluetooth wireless standards for Linux.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-wireless/bluez-utils       < 2.19                     >= 2.19

Description
===========

The name of a Bluetooth device is improperly validated by the hcid
utility when a remote device attempts to pair itself with a computer.

Impact
======

An attacker could create a malicious device name on a Bluetooth device
resulting in arbitrary commands being executed as root upon attempting
to pair the device with the computer.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All bluez-utils users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-2.19"

References
==========

  [ 1 ] CAN-2005-2547
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
  [ 2 ] bluez-utils ChangeLog
        http://cvs.sourceforge.net/viewcvs.py/bluez/utils/ChangeLog?rev=1.28&view=markup

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

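- Vulnerability Information

18770
BlueZ Crafted Device Name Arbitrary Command Execution

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-08-04 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information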

BlueZ Arbitrary Command Execution Vulnerability
Input Validation Error 14572
Yes No
2005-08-16 12:00:00 2009-07-12 05:06:00
Henryk Plötz is credited with the discovery of this vulnerability.

- Affected Software Versions

Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
BlueZ BlueZ 2.15
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
BlueZ BlueZ 2.11
BlueZ BlueZ 1.24
BlueZ BlueZ 2.19

- Unaffected Software Versions

BlueZ BlueZ 2.19

- Discussion

BlueZ is affected by an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of this vulnerability will permit an attacker to execute arbitrary commands on the system hosting the affected application in the security context of the application. This may aid in further attacks against the underlying system; other attacks are also possible.

- Exploit

No exploit is required.

- Solution

Gentoo Linux has released security advisory GLSA 200508-09 addressing this issue. Gentoo recommends that all bluez-utils users upgrade to the latest version:

emerge --sync
emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-2.19"

Debian GNU/Linux has released advisory DSA 782-1, along with fixes to address this issue. Please see the referenced advisory for further information.

Mandriva has released advisory MDKSA-2005:150 and fixes to address this issue. Please see the referenced advisory for links to fixes.

Conectiva has released security advisory CLSA-2005:1001 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

The vendor has addressed this issue in version 2.19:


BlueZ BlueZ 1.24

BlueZ BlueZ 2.11

BlueZ BlueZ 2.15

- Related References

 

 
