Out-of-bounds read in Red Hat Enterprise Linux for x86_64 - CVE-2017-1000250
Published: September 15, 2017
Vulnerability identifier: #VU8442
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-1000250
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
Public exploit is available
Vendor: Red Hat Inc.
Affected software:
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for x86_64
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in the bluetoothd implementation of the Service Discovery Protocol (SDP) due to out-of-bounds heap read condition in the service_search_attr_req function. An adjacent attacker send specially crafted requests that has Bluetooth enabled in the SDP server and access sensitive information, such as encryption keys, from bluetoothd process memory.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists in the bluetoothd implementation of the Service Discovery Protocol (SDP) due to out-of-bounds heap read condition in the service_search_attr_req function. An adjacent attacker send specially crafted requests that has Bluetooth enabled in the SDP server and access sensitive information, such as encryption keys, from bluetoothd process memory.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-1000250
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.