• info
• discussion
• exploit
• solution
• references

Nokia Affix BTSRV/BTOBEX Remote Command Execution Vulnerability

Solution:
Debian has released advisory DSA 762-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.

The vendor has released patches:


Nokia Affix 2.1

• Debian affix_2.1.1-2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_alp ha.deb


• Debian affix_2.1.1-2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_arm .deb


• Debian affix_2.1.1-2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_hpp a.deb


• Debian affix_2.1.1-2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_i38 6.deb


• Debian affix_2.1.1-2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_ia6 4.deb


• Debian affix_2.1.1-2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_m68 k.deb


• Debian affix_2.1.1-2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_mip s.deb


• Debian affix_2.1.1-2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_mip sel.deb


• Debian affix_2.1.1-2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_pow erpc.deb


• Debian affix_2.1.1-2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_s39 0.deb


• Debian affix_2.1.1-2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_spa rc.deb


• Debian libaffix-dev_2.1.1-2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_alpha.deb


• Debian libaffix-dev_2.1.1-2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_arm.deb


• Debian libaffix-dev_2.1.1-2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_hppa.deb


• Debian libaffix-dev_2.1.1-2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_i386.deb


• Debian libaffix-dev_2.1.1-2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_ia64.deb


• Debian libaffix-dev_2.1.1-2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_m68k.deb


• Debian libaffix-dev_2.1.1-2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_mips.deb


• Debian libaffix-dev_2.1.1-2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_mipsel.deb


• Debian libaffix-dev_2.1.1-2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_powerpc.deb


• Debian libaffix-dev_2.1.1-2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_s390.deb


• Debian libaffix-dev_2.1.1-2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_sparc.deb


• Debian libaffix2_2.1.1-2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _alpha.deb


• Debian libaffix2_2.1.1-2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _arm.deb


• Debian libaffix2_2.1.1-2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _hppa.deb


• Debian libaffix2_2.1.1-2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _i386.deb


• Debian libaffix2_2.1.1-2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _ia64.deb


• Debian libaffix2_2.1.1-2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _m68k.deb


• Debian libaffix2_2.1.1-2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _mips.deb


• Debian libaffix2_2.1.1-2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _mipsel.deb


• Debian libaffix2_2.1.1-2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _powerpc.deb


• Debian libaffix2_2.1.1-2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _s390.deb

Nokia Affix 2.1.1

• Debian affix_2.1.1-2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_amd 64.deb


• Debian libaffix-dev_2.1.1-2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1. 1-2_amd64.deb


• Debian libaffix2_2.1.1-2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2 _amd64.deb

Nokia Affix 2.1.2

• Nokia affix_212_sec.patch
  http://affix.sourceforge.net/affix_212_sec.patch

Nokia Affix 3.2

• Nokia affix_320_sec.patch
  http://affix.sourceforge.net/affix_320_sec.patch