
bluez-utils: Bluetooth device name validation vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200508-09 / bluez-utils
Release Date: August 17, 2005
Latest Revision: August 17, 2005: 01
Impact: high
Exploitable: remote

Package: net-wireless/bluez-utils
Vulnerable versions: < 2.19
Unaffected versions: >= 2.19
Architecture(s): All supported architectures

Related bugreports: #101557


Improper validation of Bluetooth device names can lead to arbitrary command execution.

2.  Impact Information


bluez-utils are the utilities for use with the BlueZ implementation of the Bluetooth wireless standards for Linux.


The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer.


An attacker could set a malicious device name on a Bluetooth device, resulting in arbitrary commands being executed as root when that device attempts to pair with the computer.

3.  Resolution Information


There are no known workarounds at this time.


All bluez-utils users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-2.19"
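
To confirm that the upgrade took effect, or to audit other hosts, the installed version can be compared against 2.19. The script below is an added example and not part of the advisory; it assumes Portage's installed-package database lives under /var/db/pkg and that GNU `sort -V` is available, and its function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): flag installed bluez-utils older than 2.19.
# Assumptions: installed packages are recorded as directories named
# <vdb>/net-wireless/bluez-utils-<version>[-rN], and sort supports -V.
# Handles plain dotted versions with an optional -rN revision; pre-release
# suffixes such as _rc1 are not ordered the way Portage orders them.
# Usage: check_bluez_utils            (or: check_bluez_utils /path/to/vdb)

FIXED="2.19"   # first unaffected version, from the advisory

# version_lt A B: succeed when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# installed_versions VDB_ROOT: print each installed bluez-utils version,
# one per line, with any -rN revision suffix stripped.
installed_versions() {
    for dir in "$1"/net-wireless/bluez-utils-[0-9]*; do
        [ -d "$dir" ] || continue          # glob matched nothing
        ver=${dir##*/bluez-utils-}
        printf '%s\n' "${ver%-r[0-9]*}"
    done
}

# check_bluez_utils [VDB_ROOT]: print a verdict per installed version.
# Returns 1 if any installed version is below FIXED, 0 otherwise.
check_bluez_utils() {
    root=${1:-/var/db/pkg}
    rc=0
    found=0
    for v in $(installed_versions "$root"); do
        found=1
        if version_lt "$v" "$FIXED"; then
            echo "VULNERABLE: net-wireless/bluez-utils-$v (< $FIXED)"
            rc=1
        else
            echo "ok: net-wireless/bluez-utils-$v"
        fi
    done
    [ "$found" -eq 1 ] || echo "not installed: net-wireless/bluez-utils"
    return "$rc"
}
```

After upgrading, hcid must also be restarted, since a daemon started before the upgrade keeps running the old code.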

4.  References


Page updated August 17, 2005
