Information disclosure in Red Hat Enterprise Linux
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-1000250 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU8442
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-1000250
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in the bluetoothd implementation of the Service Discovery Protocol (SDP) due to out-of-bounds heap read condition in the service_search_attr_req function. An adjacent attacker send specially crafted requests that has Bluetooth enabled in the SDP server and access sensitive information, such as encryption keys, from bluetoothd process memory.
Successful exploitation of the vulnerability results in information disclosure.
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
Vulnerable software versionsRed Hat Enterprise Linux for x86_64: 6 - 7.4
External linkshttp://access.redhat.com/security/cve/CVE-2017-1000250
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
