Home > Security > Advisories

Advisories

Mandriva Advisories

Package name bluez-utils
Date August 25th, 2005
Advisory ID MDKSA-2005:150
Affected versions 10.0, 10.1, CS3.0, 10.2
Synopsis Updated bluez-utils packages fix vulnerability

Problem Description

A vulnerability in bluez-utils was discovered by Henryk Plotz. Due to
missing input sanitizing, it was possible for an attacker to execute
arbitrary commands supplied as a device name from the remote bluetooth
device.

The updated packages have been patched to correct this problem.

Updated Packages

Mandrakelinux 10.0

 a363e2012cbf365604147ea094d48e51  10.0/RPMS/bluez-utils-2.4-4.1.100mdk.i586.rpm
b9836323e7edaefa139dbf803ed5b11a  10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 0c14d3c62ccbb9c53f88f41129883226  amd64/10.0/RPMS/bluez-utils-2.4-4.1.100mdk.amd64.rpm
b9836323e7edaefa139dbf803ed5b11a  amd64/10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

Mandrakelinux 10.1

 ae95bbad5bb67d20a6d209500c729062  10.1/RPMS/bluez-utils-2.10-3.1.101mdk.i586.rpm
15c9d82af6f029699f5f17901277b4f5  10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.i586.rpm
e612f6d35745cba68c362003a4c163e4  10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 c63fc9b66c8a6886602fcc34dcc82f0b  x86_64/10.1/RPMS/bluez-utils-2.10-3.1.101mdk.x86_64.rpm
d27d581f66ed0f4d23ad627f836e86f1  x86_64/10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.x86_64.rpm
e612f6d35745cba68c362003a4c163e4  x86_64/10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

Corporate Server 3.0

 e9db54c7ed37293e88f9a6a296ef5aa2  corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.i586.rpm
68ecbc8a999f219d5613b5ddc3aed4df  corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 6cd0acb52a764d5ed594b616c0947db4  x86_64/corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.x86_64.rpm
68ecbc8a999f219d5613b5ddc3aed4df  x86_64/corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm

Mandriva Linux LE2005

 f909df9003986b72b21a95044298ddba  10.2/RPMS/bluez-utils-2.14-1.1.102mdk.i586.rpm
c3a06b22a142cb1a5b3f9d07e7acc65f  10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.i586.rpm
c8e48eedc86d6f3dc5e1aa97d4b819fd  10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 1dccad3836e309b8046d677eccc96cc5  x86_64/10.2/RPMS/bluez-utils-2.14-1.1.102mdk.x86_64.rpm
76ace2f605fccfb1570c3f74d6c1a5ef  x86_64/10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.x86_64.rpm
c8e48eedc86d6f3dc5e1aa97d4b819fd  x86_64/10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.