Package name
bluez-utils
Date
2007-01-15
Advisory ID
MDKSA-2007:014
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to
obtain control of the (1) Mouse and (2) Keyboard Human Interface Device
(HID) via a certain configuration of two HID (PSM) endpoints, operating
as a server, aka HidAttack.

hidd is not enabled by default on Mandriva 2006.0. This update adds the
--nocheck option (disabled by default) to the hidd binary, which
defaults to rejecting connections from unknown devices unless --nocheck
is enabled.

The updated packages have been patched to correct this problem

Updated packages

2006.0 i586

 3e4cef35413fb07be1bf17be76e82ab0  2006.0/i586/bluez-utils-2.19-7.1.20060mdk.i586.rpm
 71fe8899bacb7cf75482f3deced101c4  2006.0/i586/bluez-utils-cups-2.19-7.1.20060mdk.i586.rpm 
 4d4e9c474520e55710458666c1624c24  2006.0/SRPMS/bluez-utils-2.19-7.1.20060mdk.src.rpm

2006.0 x86_64

 cf217ff41df2f2abd65b86c12c15177a  2006.0/x86_64/bluez-utils-2.19-7.1.20060mdk.x86_64.rpm
 26b6a142c00e22cb4fcb737f724b0bc1  2006.0/x86_64/bluez-utils-cups-2.19-7.1.20060mdk.x86_64.rpm 
 4d4e9c474520e55710458666c1624c24  2006.0/SRPMS/bluez-utils-2.19-7.1.20060mdk.src.rpm

References