Arbitrary Command Execution via Bluetooth Device Name in BlueZ 2.16-2.18

Arbitrary Command Execution via Bluetooth Device Name in BlueZ 2.16-2.18

CVE-2005-2547 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

Learn more about our Web Application Penetration Testing UK.