vulnerability
Oracle Linux: CVE-2017-1000250: ELSA-2017-2685: bluez security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:N/C:C/I:N/A:N) | 2017-09-12 | 2017-09-13 | 2024-11-29 |
Severity
6
CVSS
(AV:A/AC:L/Au:N/C:C/I:N/A:N)
Published
2017-09-12
Added
2017-09-13
Modified
2024-11-29
Description
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
Solution(s)
oracle-linux-upgrade-bluezoracle-linux-upgrade-bluez-alsaoracle-linux-upgrade-bluez-compatoracle-linux-upgrade-bluez-cupsoracle-linux-upgrade-bluez-gstreameroracle-linux-upgrade-bluez-hid2hcioracle-linux-upgrade-bluez-libsoracle-linux-upgrade-bluez-libs-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.