PT-2017-2791 · Bluez+5 · Bluez+5

Publicado

2017-09-12

Atualizado

2019-02-28

CVE-2017-1000250

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlueZ versions 5.46 and earlier

Description The issue allows remote attackers to obtain sensitive information from the bluetoothd process memory due to an information disclosure vulnerability in the SDP server. This vulnerability is caused by the possibility of reading beyond the buffer memory boundaries. Exploitation of the vulnerability can allow a remote attacker to read memory bits using a specially crafted network request to the server. The obtained information can be used to bypass security measures and gain control over the device using other vulnerabilities.

Recommendations For BlueZ versions 5.46 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-125

Identificadores relacionados

ALT-PU-2017-2856

BDU:2017-02054

CESA-2017_2685

CVE-2017-1000250

DLA-1103-1

DSA-3972-1

ELSA-2017-2685

MGASA-2017-0350

RHSA-2017:2685

RHSA-2017_2685

SUSE-SU-2018:1778-1

SUSE-SU-2018_1778-1

SUSE-SU-2019:0510-1

SUSE-SU-2019_0510-1

USN-3413-1

Produtos afetados

Alt Linux

Bluez

Centos

Red Hat

Suse

Ubuntu

PT-2017-2791 · Bluez+5 · Bluez+5

CVE-2017-1000250

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 73