MDKSA-2007:014
- Package name
- bluez-utils
- Date
- 2007-01-15
- Advisory ID
- MDKSA-2007:014
- Affected versions
- 2006.0 i586 , 2006.0 x86_64
Problem description
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to
obtain control of the (1) Mouse and (2) Keyboard Human Interface Device
(HID) via a certain configuration of two HID (PSM) endpoints, operating
as a server, aka HidAttack.
hidd is not enabled by default on Mandriva 2006.0. This update adds the
--nocheck option (disabled by default) to the hidd binary, which
defaults to rejecting connections from unknown devices unless --nocheck
is enabled.
The updated packages have been patched to correct this problem
Updated packages
2006.0 i586
3e4cef35413fb07be1bf17be76e82ab0 2006.0/i586/bluez-utils-2.19-7.1.20060mdk.i586.rpm 71fe8899bacb7cf75482f3deced101c4 2006.0/i586/bluez-utils-cups-2.19-7.1.20060mdk.i586.rpm 4d4e9c474520e55710458666c1624c24 2006.0/SRPMS/bluez-utils-2.19-7.1.20060mdk.src.rpm
2006.0 x86_64
cf217ff41df2f2abd65b86c12c15177a 2006.0/x86_64/bluez-utils-2.19-7.1.20060mdk.x86_64.rpm 26b6a142c00e22cb4fcb737f724b0bc1 2006.0/x86_64/bluez-utils-cups-2.19-7.1.20060mdk.x86_64.rpm 4d4e9c474520e55710458666c1624c24 2006.0/SRPMS/bluez-utils-2.19-7.1.20060mdk.src.rpm