BlueZ: Arbitrary code execution

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200903-29 / bluez-utils bluez-libs
Release Date	March 16, 2009
Latest Revision	March 16, 2009: 01
Impact	normal
Exploitable	local, remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
net-wireless/bluez-utils	< 3.36	>= 3.36	All supported architectures
net-wireless/bluez-libs	< 3.36	>= 3.36	All supported architectures

Related bugreports: #230591

Synopsis

Insufficient input validation in BlueZ may lead to arbitrary code execution or a Denial of Service.

2. Impact Information

Background

BlueZ is a set of Bluetooth tools and system daemons for Linux.

Description

It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets.

Impact

A physically proximate attacker using a Bluetooth device with an already established trust relationship could send specially crafted requests, possibly leading to arbitrary code execution or a crash. Exploitation may also be triggered by a local attacker registering a service record via a UNIX socket or D-Bus interface.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All bluez-utils users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-utils-3.36"

All bluez-libs users should upgrade to the latest version:

Code Listing 3.2: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-libs-3.36"

4. References

CVE-2008-2374

Page updated March 16, 2009

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.