BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	30105
Class:	Boundary Condition Error
CVE:	CVE-2008-2374
Remote:	Yes
Local:	No
Published:	Jun 16 2008 12:00AM
Updated:	Apr 13 2015 09:59PM
Credit:	Glenn Durfee
Vulnerable:	S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Gentoo Linux BlueZ bluez-utils 3.34 BlueZ bluez-libs 3.34 BlueZ BlueZ 3.34
Not Vulnerable:	BlueZ bluez-utils 3.35 BlueZ bluez-libs 3.35

BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities

BlueZ is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed attempts will result in a denial-of-service condition.

BlueZ 3.34 and prior versions are affected.

BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities

Solution:
The vendor has released an update. Please see the references for more information.

BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities

References:

• BlueZ Homepage (BlueZ)
  
• SDP payload processing vulnerability (Glenn Durfee)
  
• RHSA-2008:0581-5 Moderate: bluez-libs and bluez-utils security update (Red Hat)