[Pkg-kde-extras] Bug#492797: kdebluetooth: may be security issue - phone added into paired/trusted devices can be accesses by any other local users

Sergey Burladyan eshkinkot at gmail.com
Mon Jul 28 21:32:47 UTC 2008 

Package: kdebluetooth
Version: 1.0~beta8-5
Severity: important

I have two users in my system, both of it have phone and when user1 add it
phone as "paired/trusted device" user2 also can full access to it.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (800, 'testing'), (800, 'stable'), (70, 'unstable'), (65, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF8, LC_CTYPE=ru_RU.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kdebluetooth depends on:
ii  bluez-utils          3.30-3              Bluetooth tools and daemons
ii  kdelibs4c2a          4:3.5.9.dfsg.1-4    core libraries and binaries for al
ii  libacl1              2.2.47-2            Access control list shared library
ii  libart-2.0-2         2.3.20-2            Library of functions for 2D graphi
ii  libattr1             1:2.4.41-1          Extended attribute shared library
ii  libaudio2            1.9.1-2             Network Audio System - shared libr
ii  libbluetooth2        3.36-1              Library to use the BlueZ Linux Blu
ii  libc6                2.7-10              GNU C Library: Shared libraries
ii  libdbus-1-3          1.2.1-2             simple interprocess messaging syst
ii  libdbus-qt-1-1c2     0.62.git.20060814-2 simple interprocess messaging syst
ii  libfontconfig1       2.6.0-1             generic font configuration library
ii  libfreetype6         2.3.6-1             FreeType 2 font engine, shared lib
ii  libgamin0 [libfam0]  0.1.9-2             Client library for the gamin file 
ii  libgcc1              1:4.3.1-2           GCC support library
ii  libice6              2:1.0.4-1           X11 Inter-Client Exchange library
ii  libidn11             1.8+20080606-1      GNU libidn library, implementation
ii  libjpeg62            6b-14               The Independent JPEG Group's JPEG 
ii  libkbluetooth0       1.0~beta8-5         Bluetooth library for KDE
ii  libopenobex1         1.3+cvs20070425-2   OBEX protocol library
ii  libpng12-0           1.2.27-1            PNG library - runtime
ii  libqt3-mt            3:3.3.8b-5          Qt GUI Library (Threaded runtime v
ii  libsm6               2:1.0.3-2           X11 Session Management library
ii  libstdc++6           4.3.1-2             The GNU Standard C++ Library v3
ii  libx11-6             2:1.1.4-2           X11 client-side library
ii  libxcursor1          1:1.1.9-1           X cursor management library
ii  libxext6             2:1.0.4-1           X11 miscellaneous extension librar
ii  libxft2              2.1.12-3            FreeType-based font drawing librar
ii  libxi6               2:1.1.3-1           X11 Input extension library
ii  libxinerama1         2:1.0.3-2           X11 Xinerama extension library
ii  libxrandr2           2:1.2.2-2           X11 RandR extension library
ii  libxrender1          1:0.9.4-2           X Rendering Extension client libra
ii  libxt6               1:1.0.5-3           X11 toolkit intrinsics library
ii  python-qt4           4.4.2-4             Python bindings for Qt4
ii  python-qt4-dbus      4.4.2-4             DBus Support for PyQt4
ii  zlib1g               1:1.2.3.3.dfsg-12   compression library - runtime

kdebluetooth recommends no packages.

-- no debconf information

More information about the pkg-kde-extras mailing list