CVE-2005-2277

Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://affix.sourceforge.net/affix_212_sec.patch
http://affix.sourceforge.net/affix_320_sec.patch
http://marc.info/?l=bugtraq&m=112119962704397&w=2
http://www.debian.org/security/2005/dsa-762
http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt
http://www.securityfocus.com/bid/14232

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nokia:affix:2.1.2:::::::*
	cpe:2.3:a:nokia:affix:3.2.0:::::::*

History

07 Nov 2023, 01:57

Type	Values Removed	Values Added
References	~~{'url': 'http://www.digitalmunition.com/DMA[2005-0712b].txt', 'name': 'http://www.digitalmunition.com/DMA[2005-0712b].txt', 'tags': ['Broken Link'], 'refsource': 'MISC'}~~	() http://www.digitalmunition.com/DMA%5B2005-0712b%5D.txt -

Information

Published : 2005-07-15 04:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-2277

Mitre link : CVE-2005-2277

CVE.ORG link : CVE-2005-2277

JSON object : View

Products Affected

nokia

affix

CWE

NVD-CWE-Other

10.0 /10