Mandriva Update For Bluez-utils MDKSA-2007:014 (bluez-utils) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. hidd is not enabled by default on Mandriva 2006.0. This update adds the --nocheck option (disabled by default) to the hidd binary, which defaults to rejecting connections from unknown devices unless --nocheck is enabled. The updated packages have been patched to correct this problem

Affected

bluez-utils on Mandriva Linux 2006.0, Mandriva Linux 2006.0/X86_64

Severity

Classification

CVE CVE-2006-6899

CVSS	Base Score: 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:180 (compface)
Mandrake Security Advisory MDVSA-2009:192 (phpmyadmin)
Mandrake Security Advisory MDVSA-2009:038 (blender)

Mandriva Update for bluez-utils MDKSA-2007:014 (bluez-utils)

Take action and discover your vulnerabilities