CVE-2005-2716 - Remote Command Execution vulnerability in Nokia Affix BTSRV Device Name
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-796.NASL |
description | Kevin Finisterre reports that affix, a package used to manage bluetooth sessions under Linux, uses the popen call in an unsafe fashion. A remote attacker can exploit this vulnerability to execute arbitrary commands on a vulnerable system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19566 |
published | 2005-09-06 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19566 |
title | Debian DSA-796-1 : affix - remote command execution |
References
- http://affix.sourceforge.net/patch_btsrv_affix_2_1_2
- http://affix.sourceforge.net/patch_btsrv_affix_3_2_0
- http://marc.info/?l=bugtraq&m=112511370326063&w=2
- http://secunia.com/advisories/16574/
- http://www.debian.org/security/2005/dsa-796
- http://www.digitalmunition.com/DMA%5B2005-0826a%5D.txt
- http://www.securityfocus.com/bid/14672
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22034