CVE-2005-2547 | Vulnerability Database | Aqua Security

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Affected Software

Name	Vendor	Start Version	End Version
Bluez	Bluez_project	2.18 (including)	2.18 (including)

References

http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34
http://secunia.com/advisories/16453
http://secunia.com/advisories/16476
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881
http://www.debian.org/security/2005/dsa-782
http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml
http://www.securityfocus.com/bid/14572
https://bugs.gentoo.org/show_bug.cgi?id=101557
http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31\u0026r2=1.34
http://secunia.com/advisories/16453
http://secunia.com/advisories/16476
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206\u0026forum_id=1881
http://www.debian.org/security/2005/dsa-782
http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml
http://www.securityfocus.com/bid/14572
https://bugs.gentoo.org/show_bug.cgi?id=101557

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2547
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html