CVE-2005-2547

critical

Description

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

References

https://bugs.gentoo.org/show_bug.cgi?id=101557

http://www.securityfocus.com/bid/14572

http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml

http://www.debian.org/security/2005/dsa-782

http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881

http://secunia.com/advisories/16476

http://secunia.com/advisories/16453

http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34

Details

Source: Mitre, NVD

Published: 2005-08-12

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01141

Detections

Analytics