Oracle Linux 4 : bluez-utils (ELSA-2007-0065)
Medium Nessus Plugin ID 67448
SynopsisThe remote Oracle Linux host is missing one or more security updates.
DescriptionFrom Red Hat Security Advisory 2007:0065 :
Updated bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The bluez-utils package contains Bluetooth daemons and utilities.
A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker would have been able to inject keyboard and mouse events via a Bluetooth connection without any authorization. (CVE-2006-6899)
Note that Red Hat Enterprise Linux does not come with the Bluetooth HID daemon enabled by default.
Users of bluez-utils are advised to upgrade to these updated packages, which contains a backported patch to correct this issue.
SolutionUpdate the affected bluez-utils packages.