Return-Path: Subject: Re: [Bluez-devel] Possible security vulnerability in hcid when calling pin helper From: Marcel Holtmann To: bluez-devel@lists.sourceforge.net In-Reply-To: <42F34840.4070503@csr.com> References: <20050805050932.3111586d.henryk@ploetzli.ch> <1123211794.8331.104.camel@pegasus> <42F34840.4070503@csr.com> Content-Type: text/plain Message-Id: <1123240334.8331.112.camel@pegasus> Mime-Version: 1.0 Sender: bluez-devel-admin@lists.sourceforge.net Errors-To: bluez-devel-admin@lists.sourceforge.net Reply-To: bluez-devel@lists.sourceforge.net List-Unsubscribe: , List-Id: BlueZ development List-Post: List-Help: List-Subscribe: , List-Archive: Date: Fri, 05 Aug 2005 13:12:14 +0200 Hi Steven, > >> I just stumbled upon a bug in hcid that can possibly be used as a > >> security vulnerability: ... > > thanks for catching this problem. Do you have a fix for it? > > On behalf of everyone at Unplugfest with whom you've been doing security > testing, I'd just like to say, using my best impression of Nelson Muntz > from The Simpsons, "Ha Ha!". > > :-) what should I say? Sh* happens. I am still afraid of that day when I have to hack into BlueZ. And this day will come ;) Regards Marcel ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Bluez-devel mailing list Bluez-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bluez-devel