Nokia Affix device name command execution
| nokia-devicename-command-execution (22034) |  High Risk |
Description:
Nokia's Affix Bluetooth could allow a remote attacker to execute arbitrary commands caused by a vulnerability in the event_pin_code_request function. By using a wireless connection, a remote attacker could send a specially-crafted Bluetooth device name and execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
Apply the affix_320_sec and affix_212_sec patch for this vulnerability, available from the Affix Web site. See References.
For Debian GNU/Linux 3.1 (sarge):Upgrade to the latest version of Affix (2.1.1-3 or later), as listed in DSA-796-1. See References. For other distributions:
Contact your vendor for upgrade or patch information.
References:
- Affix Web site: Welcome to the Affix web site - Bluetooth Protocol Stack for Linux.
- Digital Munition Security Advisory DMA[2005-0826a]: 'Nokia Affix Bluetooth btsrv poor use of popen().
- BID-14672: Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
- CVE-2005-2716: The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
- DSA-796: affix -- remote command execution
- SA16574: Affix Device Name Shell Command Injection Vulnerability
Platforms Affected:
- Debian Debian Linux 3.1
- Nokia Affix 2.1.2
- Nokia Affix 3.2.0
Reported:
Aug 29, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net