#VU8442 Out-of-bounds read in Red Hat Enterprise Linux for x86_64 - CVE-2017-1000250


Vulnerability identifier: #VU8442

Vulnerability risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-1000250

CWE-ID: CWE-125

Exploitation vector: Local network

Exploit availability: Yes

Vulnerable software:
Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor: Red Hat Inc.

Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in the bluetoothd implementation of the Service Discovery Protocol (SDP) due to out-of-bounds heap read condition in the service_search_attr_req function. An adjacent attacker send specially crafted requests that has Bluetooth enabled in the SDP server and access sensitive information, such as encryption keys, from bluetoothd process memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.4

External links
https://access.redhat.com/security/cve/CVE-2017-1000250

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Out-of-bounds read in bluez (Alpine package)
Slackware Linux update for bluez
Information disclosure in Red Hat Enterprise Linux
Debian update for bluez
Arch Linux update for bluez
Ubuntu update for BlueZ
Red Hat update for bluez