Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Affix | Nokia | 2.1.2 (including) | 2.1.2 (including) |
| Affix | Nokia | 3.2.0 (including) | 3.2.0 (including) |
| Affix | Ubuntu | dapper | * |
| Affix | Ubuntu | edgy | * |
| Affix | Ubuntu | feisty | * |
References
- http://affix.sourceforge.net/affix_212_sec.patch
- http://affix.sourceforge.net/affix_320_sec.patch
- http://marc.info/?l=bugtraq\u0026m=112119962704397\u0026w=2
- http://www.debian.org/security/2005/dsa-762
- http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt
- http://www.securityfocus.com/bid/14232
- http://affix.sourceforge.net/affix_212_sec.patch
- http://affix.sourceforge.net/affix_320_sec.patch
- http://marc.info/?l=bugtraq\u0026m=112119962704397\u0026w=2
- http://www.debian.org/security/2005/dsa-762
- http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt
- http://www.securityfocus.com/bid/14232