Gentoo Linux Security Advisory GLSA 200903-29 - Insufficient input validation in BlueZ may lead to arbitrary code execution or a Denial of Service. It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets. Versions less than 3.36 are affected.
184f9a14664dd2c864cbcdbbb51cc6287248747445a5ee6b4aa4a2323828212aMandriva Linux Security Advisory - An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon. The updated packages have been patched to correct this issue.
098c92004b53ee8ddf3bf44c1df5f656dd2bb8d6bbae5fe23238712b98063f98
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed