Mandrake Linux Security Advisory : bluez-utils (MDKSA-2007:014)
Medium Nessus Plugin ID 24630
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
Descriptionhidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
hidd is not enabled by default on Mandriva 2006.0. This update adds the --nocheck option (disabled by default) to the hidd binary, which defaults to rejecting connections from unknown devices unless
--nocheck is enabled.
The updated packages have been patched to correct this problem
SolutionUpdate the affected bluez-utils and / or bluez-utils-cups packages.