Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: S-314: Vulnerability in Bluetooth Stack
Special Forums Cybersecurity Security Advisories (RSS) S-314: Vulnerability in Bluetooth Stack Post 302204805 by Linux Bot on Thursday 12th of June 2008 02:10:05 PM
Old 06-12-2008
S-314: Vulnerability in Bluetooth Stack
A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows because the Bluetooth stack does not correctly handle a large nubmer of service description requests. The risk is MEDIUM. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulenrability could take complete contorl of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


More...
 

6 More Discussions You Might Find Interesting

1. Programming

what is stack winding and stack unwinding

helo can u tell me what do you mean by stack winding and stack unwinding Regards, Amit (2 Replies)
Discussion started by: amitpansuria
2 Replies

2. HP-UX

HP-UX to bluetooth printer

Wondering if anyone can point me in the right direction to get HP-UX (Ver 5.4 I believe) to send a print job to a bluetooth enabled printer. I can do it via TCP/IP but would like to have it also bluetooth capable when I don't have access to a network connection. Any idea? Thanks in advance. ... (0 Replies)
Discussion started by: RUNG41
0 Replies

3. Red Hat

Bluetooth in fedora

My system has bluetooth enabled in it. I have fedora o.s.. I can send data from my system to any other external devices which are bluetooth enabled. But from external devices, I can not send data into my laptop system. What can be done. Please guide. (0 Replies)
Discussion started by: manoj.b
0 Replies

4. Windows & DOS: Issues & Discussions

Bluetooth problem ...?

my bluetooth dongle (not branded ) is working fine with KDEBluetooth in opensuse 10.3 (linux) but it is not even detected in windows after installation of software given with dongle( IVT Bluesoleil) what is proble can any body give list of blue... (0 Replies)
Discussion started by: seshumohan
0 Replies

5. UNIX for Dummies Questions & Answers

Kernel Stack vs User Mode Stack

Hi, I am new to the linux kernel development area. I want to know what is the difference between kernel mode stack and user mode stack? Does each process has a user mode stack and a kernel mode stack?? Or Each process has a user mode stack and there is only one kernel mode stack that is shared by... (4 Replies)
Discussion started by: saurabhkoar
4 Replies

6. Linux

Bluetooth

I have a bluetooth device, and when i search for a device it doesnt show anything,i have downloaded bluman blueberry bluedevil bluez but nothng worked,im using linux mint 18.2. (2 Replies)
Discussion started by: Lee win
2 Replies

LEARN ABOUT FREEBSD

sdpd

SDPD(8) 						    BSD System Manager's Manual 						   SDPD(8)

NAME

     sdpd -- Bluetooth Service Discovery Protocol daemon

SYNOPSIS

     sdpd [-dh] [-c path] [-g group] [-u user]

DESCRIPTION

     The sdpd daemon keeps track of the Bluetooth services registered on the host and responds to Service Discovery inquiries from the remote
     Bluetooth devices.

     In order to use any service remote Bluetooth device need to send Service Search and Service Attribute or Service Search Attribute request
     over Bluetooth L2CAP connection on SDP PSM (0x0001).  The sdpd daemon will try to find matching Service Record in its Service Database and
     will send appropriate response back.  The remote device then will process the response, extract all required information and will make a sep-
     arate connection in order to use the service.

     Bluetooth applications, running on the host, register services with the local sdpd daemon.  Operation like service registration, service
     removal and service change are performed over the control socket.	It is possible to query entire content of the sdpd Service Database with
     sdpcontrol(8) by issuing browse command on the control socket.

     The command line options are as follows:

     -d      Do not detach from the controlling terminal.

     -c path
	     Specify path to the control socket.  The default path is /var/run/sdp.

     -g group
	     Specifies the group the sdpd should run as after it initializes.  The value specified may be either a group name or a numeric group
	     ID.  This only works if sdpd was started as root.	The default group name is ``nobody''.

     -h      Display usage message and exit.

     -u user
	     Specifies the user the sdpd should run as after it initializes.  The value specified may be either a user name or a numeric user ID.
	     This only works if sdpd was started as root.  The default user name is ``nobody''.

CAVEAT

     The sdpd daemon will listen for incoming L2CAP connections on a wildcard BD_ADDR.

     In case of multiple Bluetooth devices connected to the same host it is possible to specify which services should be ``bound'' to which Blue-
     tooth device.  Such assignment should be done at service registration time.

     Requests to register, remove or change service can only be made via the control socket.  The sdpd daemon will check peer's credentials and
     will only accept the request if the application has the same effective user ID as the ``root'' user ID.

     The sdpd daemon does not check for duplicated Service Records.  It only performs minimal checking on the service data sent in the Service
     Register request.	It is assumed that application must obtain all required resources such as RFCOMM channels etc., before registering the
     service.

FILES

     /var/run/sdp

SEE ALSO

     sdp(3), sdpcontrol(8)

AUTHORS

     Maksim Yevmenkin <m_evmenkin@yahoo.com>

BUGS

     Most likely.  Please report if found.

BSD
								 January 13, 2004							       BSD
All times are GMT -4. The time now is 01:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy