Vigil@nce: BlueZ, memory corruption
July 2008 by Vigil@nce
SYNTHESIS
A malicious SDP server can cause a denial of service and
possibly execute code on a BlueZ client.
Gravity: 2/4
Consequences: privileged access/rights, denial of service
Provenance: radio connection
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/07/2008
Identifier: VIGILANCE-VUL-7946
IMPACTED PRODUCTS
– Mandriva Linux [confidential versions]
– Red Hat Enterprise Linux [confidential versions]
– Unix - platform
DESCRIPTION
The BlueZ suite implements the Bluetooth protocol for Linux.
The sdp_extract_pdu() function in the src/sdp.c file does not
correctly validate SDP packets, which leads to memory corruption.
This function is called by the client part of BlueZ.
A malicious SDP server can therefore cause a denial of service
and possibly execute code on the BlueZ client.
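The kind of validation a client needs before it trusts a server-supplied SDP data element, as an added example that is not BlueZ code and not the vendor patch: the declared element size is checked against the bytes actually received. The name sdp_elem_bounds() and the sample bytes are hypothetical; the header layout (5-bit type, 3-bit size index) follows the SDP data element format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a BlueZ function: parse one SDP data element
 * header from buf[0..len). Returns 0 and fills the outputs on success,
 * -1 if the element does not fit in the buffer (outputs then unspecified). */
int sdp_elem_bounds(const uint8_t *buf, size_t len,
                    uint8_t *type, size_t *hdr_len, size_t *data_len)
{
    static const size_t fixed[5] = { 1, 2, 4, 8, 16 };
    size_t extra = 0, size = 0, i;
    uint8_t idx;

    if (buf == NULL || len < 1)
        return -1;
    *type = buf[0] >> 3;            /* upper 5 bits: type descriptor */
    idx = buf[0] & 0x07;            /* lower 3 bits: size index */

    if (idx <= 4) {
        /* Fixed-size element; type 0 (nil) with index 0 carries no data */
        size = (*type == 0 && idx == 0) ? 0 : fixed[idx];
    } else {
        extra = (size_t)1 << (idx - 5);     /* 1, 2 or 4 length bytes */
        if (len - 1 < extra)
            return -1;                      /* length field is truncated */
        for (i = 0; i < extra; i++)
            size = (size << 8) | buf[1 + i];    /* big-endian length */
    }
    /* Compare with the bytes remaining; avoids overflow in 1+extra+size */
    if (size > len - 1 - extra)
        return -1;
    *hdr_len = 1 + extra;
    *data_len = size;
    return 0;
}

int main(void)
{
    /* Constructed input: text string claiming 255 bytes, only 1 present */
    const uint8_t bad[] = { 0x25, 0xFF, 'a' };
    uint8_t type;
    size_t hdr, data;
    int rc = sdp_elem_bounds(bad, sizeof bad, &type, &hdr, &data);

    printf("%s\n", rc ? "rejected" : "accepted");
    return 0;
}
```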
CHARACTERISTICS
Identifiers: CVE-2008-2374, MDVSA-2008:145, RHSA-2008:0581-01,
VIGILANCE-VUL-7946
https://vigilance.aql.fr/tree/1/7946