bluez-utils: Bluetooth device name validation vulnerability Improper validation of Bluetooth device names can lead to arbitrary command execution. bluez-utils 2005-08-17 2005-08-17 101557 remote 2.19 2.19

bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux.

The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer.

An attacker could create a malicious device name on a Bluetooth device resulting in arbitrary commands being executed as root upon attempting to pair the device with the computer.

There are no known workarounds at this time.

All bluez-utils users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-2.19" CAN-2005-2547 bluez-utils ChangeLog koon r2d2 jaervosz