CVE-2017-9079 BlueZ before 5.60 allows physically proximate attackers to obtain sensitive information via a crafted call because the dial command does not verify that a particular string is present in the caller ID.

CVE-2017-9417 In BlueZ before 5.60, there is a NULL pointer dereference in function hci_msm_read_data().

CVE-2017-9416 In BlueZ before 5.60, there is a potential stack buffer overflow in the wma_set_property_len function in hw/net/wpa.c.

CVE-2017-9409 BlueZ before 5.60 allows remote attackers to cause a denial of service (memory consumption) via a series of pskps that require a large number of retries.

CVE-2017-9413 In BlueZ before 5.60, there is a NULL pointer dereference in the parse_location_report function in hw/net/bluetooth.c.

CVE-2017-9412 In BlueZ before 5.60, there is a potential out-of-bound read in the parse_location_report function in hw/net/bluetooth.c.

Security researcher Sandelman Kochenbroich came across a few vulnerabilities in BlueZ.

These vulnerabilities, collectively known as CVE-2017-9409, are severe, and could allow for remote code execution if exploited. The researcher has provided proof-of-concept exploit code that is able to take control of the system.

BlueZ is an open-source Bluetooth protocol stack used by Linux and other operating systems. It provides services such as a GATT server (Bluetooth Low Energy), BNEP (Bluetooth Network Encapsulation Protocol), HCI (Host Controller Interface), an SDP server and client, SCO for audio codec configuration, and more.

According to the BlueZ website: "BlueZ is developed by SUSE Linux Products GmbH and its predecessor companies." It's not clear who created the vulnerabilities or if there are any other issues. The vulnerability report states that BlueZ had been released in 2005 and 2016.

Bugtraq Message Handling

A vulnerability in the handling of Bluetooth packets for BlueZ, a Linux Bluetooth system, has been found and addressed.
The vulnerability is caused by an out-of-bounds read when parsing certain location report packets. Anyone who can send these packets to a vulnerable BlueZ client can cause a denial of service on the vulnerable device. The attack is not limited to Bluetooth-enabled devices such as phones or laptops; it can also be carried out over any network connection.
The vulnerability affects only BlueZ versions before 5.60. Version 5.60 fixes the issue and is recommended for all systems that have not already been updated to BlueZ 5.60 or later. Users running older versions of BlueZ should update their systems as soon as possible to mitigate this risk.

How do I find the latest stable BlueZ release?

You can use the BlueZ package manager to download the latest stable release.

BlueZ Package Manager: https://wiki.bluez.org/wiki/Package_Manager

Timeline

Published on: 09/02/2022 04:15:00 UTC
Last modified on: 09/07/2022 18:09:00 UTC
