Mandriva: Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability

07-15-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Mandriva: Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability

LinuxSecurity.com: An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon (CVE-2008-2374). The updated packages have been patched to correct this issue.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

BLUETOOTHD(8) System management commands BLUETOOTHD(8) NAME
bluetoothd - Bluetooth daemon SYNOPSIS
bluetoothd [ -n ] DESCRIPTION
This manual page documents briefly the bluetoothd daemon, which manages all the Bluetooth devices. bluetoothd itself does not accept many command-line options, as most of its configuration is done in the /etc/bluetooth/main.conf file, which has its own man page. bluetoothd can also provide a number of services via the D-Bus message bus system. OPTIONS
-n Don't run as daemon in background. -d Enable debug information output. -m mtu-size Use specific MTU size for SDP server. FILES
/etc/bluetooth/main.conf Default location of the global configuration file. /var/lib/bluetooth/nn:nn:nn:nn:nn:nn/linkkeys Default location for link keys of paired devices. The directory nn:nn:nn:nn:nn:nn is the address of the local device. The file is line separated, with the following columns separated by whitespace: nn:nn:nn:nn:nn:nn Remote device address. nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn Link key. n Link type integer. /var/lib/bluetooth/nn:nn:nn:nn:nn:nn/names Default location for the device name cache. The directory nn:nn:nn:nn:nn:nn is the address of the local device. The file is line separated, with the following columns separated by whitespace: nn:nn:nn:nn:nn:nn Remote device address. name Remote device name, terminated with newline. /var/lib/bluetooth/nn:nn:nn:nn:nn:nn/features Default location for the features cache. The directory nn:nn:nn:nn:nn:nn is the address of the local device. The file is line sepa- rated, with the following columns separated by whitespace: nn:nn:nn:nn:nn:nn Remote device address. nnnnnnnnnnnnnnnn Remote device LMP features coded as an 8 byte bitfield. /var/lib/bluetooth/nn:nn:nn:nn:nn:nn/manufacturers Default location for the manufacturers cache. The directory nn:nn:nn:nn:nn:nn is the address of the local device. The file is line separated, with the following columns separated by whitespace: nn:nn:nn:nn:nn:nn Remote device address. n Remote device manufacturer integer. n Remote device LMP version integer. n Remote device LMP sub-version integer. AUTHOR
This manual page was written by Marcel Holtmann, Philipp Matthias Hahn and Fredrik Noring. Bluetooth daemon March 2004 BLUETOOTHD(8)

Security Advisories (RSS)

Mandriva: Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability

LEARN ABOUT CENTOS

bluetoothd