Debians sikkerhedsbulletin
DSA-782-1 bluez-utils -- manglende kontrol af inddata
- Rapporteret den:
- 23. aug 2005
- Berørte pakker:
- bluez-utils
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 323365.
I Mitres CVE-ordbog: CVE-2005-2547. - Yderligere oplysninger:
-
Henryk Plötz har opdaget en sårbarhed i bluez-utils, værktøjer og dæmoner til Bluetooth. På grund af manglende kontrol af inddata var det muligt for en angriber at udføre vilkårlige kommandoer leveret som et devicenavn fra et fjernt device.
Den gamle stabile distribution (woody) er ikke påvirket af dette problem, da den ikke indeholder bluez-utils-pakker.
I den stabile distribution (sarge) er dette problem rettet i version 2.15-1.1.
I den ustabile distribution (sid) er dette problem rettet i version 2.19-1.
Vi anbefaler at du opgraderer din bluez-utils-pakke.
- Rettet i:
-
Debian GNU/Linux 3.1 (sarge)
- Kildekode:
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.dsc
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15.orig.tar.gz
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_amd64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_amd64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_s390.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_s390.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.