Bug#408889: [Pkg-bluetooth-maintainers] Bug#408889: CVE-2006-6899: bluez-utils: HID Insecure Device Connection Vulnerability

Filippo Giunchedi filippo at debian.org
Wed Jan 31 11:26:03 UTC 2007


On Sun, Jan 28, 2007 at 08:49:52PM -0300, Alex de Oliveira Silva wrote:
> Hi,
> Maybe the bluez-utils version 2.15-1.1 is vulnerable.
> 
> Description:
> The vulnerability is caused due to the HID host accepting device
> connections without authentication. This can be exploited to insert a
> new device (e.g. keyboard, mouse) and take control of the affected
> system.
> 
> Reference:
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6899
> http://www.securityfocus.com/archive/1/archive/1/455889/100/0/threaded
> 
> Note:
> Please mention the CVE id in the changelog.

thanks!
I'm CC security to see if it is the case for a security upload

thanks,
filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

Age is not a particularly interesting subject. Anyone can get old. All
you have to do is live long enough.
-- Groucho Marx




More information about the Pkg-bluetooth-maintainers mailing list