CVE-2016-9803
https://notcve.org/view.php?id=CVE-2016-9803
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. En BlueZ 5.42, una lectura fuera de límites ha sido observada en la función "le_meta_ev_dump" en la fuente de archivo "tools/parser/hci.c". Este problema existe debido a que 'subevent' (que es usado para leer correctamente elementos del array 'ev_le_meta_str') está desbordado. • http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68892.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2016-9799
https://notcve.org/view.php?id=CVE-2016-9799
In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. En BlueZ 5.42, se ha observado un desbordamiento de búfer en la función "pklg_read_hci" en la fuente de archivo "btsnoop.c". Este problema puede ser desencadenado procesando un archivo de volcado corrupto que resulta en una caída de btmon. • http://www.securityfocus.com/bid/94652 https://www.spinics.net/lists/linux-bluetooth/msg68898.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-6899 – BlueZ 1.x/2.x - HIDD Bluetooh HID Command Injection
https://notcve.org/view.php?id=CVE-2006-6899
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. hidd en BlueZ (bluez-utils) anterior a 2.25 permite a atacantes remotos obtener el control de los Dispositivos de Interfaz Humana (HID) del (1) Ratón y (2) Teclado mediante una determinada configuración de dos extremos HID (PSM) (HID endpoints), operando como servidor, también conocido como HidAttack. • https://www.exploit-db.com/exploits/29471 http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf http://mulliner.org/bluetooth/hidattack.php http://osvdb.org/32830 http://secunia.com/advisories/23747 http://secunia.com/advisories/23798 http://secunia.com/advisories/23879 http://secunia.com/advisories/25264 http://www.mandriva.com/security/advisories?name=MDKSA-2007:014 http://www.redhat.com/support/errata/RHSA-2007-0065.html http://www • CWE-16: Configuration •
CVE-2005-2547
https://notcve.org/view.php?id=CVE-2005-2547
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. • http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34 http://secunia.com/advisories/16453 http://secunia.com/advisories/16476 http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881 http://www.debian.org/security/2005/dsa-782 http://www.gentoo.org/security/en/glsa/glsa-200508-09.xml http://www.securityfocus.com/bid/14572 https://bugs.gentoo.org/show_bug.cgi?id=101557 •