Mandrake Linux Security Advisory : bluez-utils (MDKSA-2007:014)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to
obtain control of the (1) Mouse and (2) Keyboard Human Interface
Device (HID) via a certain configuration of two HID (PSM) endpoints,
operating as a server, aka HidAttack.

hidd is not enabled by default on Mandriva 2006.0. This update adds
the --nocheck option (disabled by default) to the hidd binary, which
defaults to rejecting connections from unknown devices unless
--nocheck is enabled.

The updated packages have been patched to correct this problem

Solution :

Update the affected bluez-utils and / or bluez-utils-cups packages.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 24630 (mandrake_MDKSA-2007-014.nasl)

Bugtraq ID:

CVE ID: CVE-2006-6899

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now