Vulnerabilities > CVE-2008-2374 - Improper Validation of Specified Quantity in Input vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-145.NASL
    descriptionAn input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon (CVE-2008-2374). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37587
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37587
    titleMandriva Linux Security Advisory : bluez (MDVSA-2008:145)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:145. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    # Local (SSH-based) check for the bluez packages fixed by MDVSA-2008:145, which
    # addresses CVE-2008-2374: missing length validation in the SDP packet parser of
    # the BlueZ utilities. The plugin compares installed rpm versions against the
    # advisory's fixed versions; it does not exercise the Bluetooth stack itself.
    
    include("compat.inc");
    
    # `description` is set by the scanner while it loads plugin metadata; in that mode
    # this branch registers the attributes below and exits, so the package checks
    # further down never run.
    if (description)
    {
      script_id(37587);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      script_cve_id("CVE-2008-2374");
      script_bugtraq_id(30105);
      script_xref(name:"MDVSA", value:"2008:145");
    
      script_name(english:"Mandriva Linux Security Advisory : bluez (MDVSA-2008:145)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An input validation flaw was found in the Bluetooth Session
    Description Protocol (SDP) packet parser used in the Bluez bluetooth
    utilities. A bluetooth device with an already-trusted relationship, or
    a local user registering a service record via a UNIX socket or D-Bus
    interface, could cause a crash and potentially execute arbitrary code
    with the privileges of the hcid daemon (CVE-2008-2374).
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the base vector is network / no-auth, while the description above
      # names an already-trusted device or a local user as the trigger; treat the score
      # as a conservative upper bound rather than a statement about exposure.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-20: improper input validation.
      script_cwe_id(20);
    
      # Package and OS CPEs the rpm checks below can match against.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bluez-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bluez-utils-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bluez-utils-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bluez-utils-gstreamer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64bluez-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64bluez2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64bluez2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libbluez-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libbluez2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libbluez2-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The KB keys below are populated over SSH by ssh_get_info.nasl; without them the
      # checks cannot run and the plugin audits out instead of reporting.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
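    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Prerequisites are gathered over SSH by ssh_get_info.nasl; each audit() call ends
    # the plugin with an explicit reason instead of a silent non-result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Same OS name as the architecture audit below (the message used to misspell "Mandrake").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86 / x86_64 package references are listed for this advisory.
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Fixed package versions from MDVSA-2008:145, grouped by release and, for the
    # library packages, by architecture. rpm_check() (rpm.inc) is expected to return
    # true when an installed package is older than the reference; `flag` only records
    # that something matched, the per-package detail comes from rpm_report_get().
    flag = 0;
    
    foreach pkg (make_list("bluez-utils-3.9-5.1mdv2007.1", "bluez-utils-cups-3.9-5.1mdv2007.1"))
    {
      if (rpm_check(release:"MDK2007.1", reference:pkg, yank:"mdv")) flag++;
    }
    foreach pkg (make_list("lib64bluez2-3.9-1.1mdv2007.1", "lib64bluez2-devel-3.9-1.1mdv2007.1"))
    {
      if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:pkg, yank:"mdv")) flag++;
    }
    foreach pkg (make_list("libbluez2-3.9-1.1mdv2007.1", "libbluez2-devel-3.9-1.1mdv2007.1"))
    {
      if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:pkg, yank:"mdv")) flag++;
    }
    
    foreach pkg (make_list("bluez-utils-3.15-3.1mdv2008.0", "bluez-utils-cups-3.15-3.1mdv2008.0"))
    {
      if (rpm_check(release:"MDK2008.0", reference:pkg, yank:"mdv")) flag++;
    }
    foreach pkg (make_list("lib64bluez-devel-3.15-1.1mdv2008.0", "lib64bluez2-3.15-1.1mdv2008.0"))
    {
      if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:pkg, yank:"mdv")) flag++;
    }
    foreach pkg (make_list("libbluez-devel-3.15-1.1mdv2008.0", "libbluez2-3.15-1.1mdv2008.0"))
    {
      if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:pkg, yank:"mdv")) flag++;
    }
    
    foreach pkg (make_list("bluez-utils-3.28-1.1mdv2008.1", "bluez-utils-alsa-3.28-1.1mdv2008.1",
                           "bluez-utils-cups-3.28-1.1mdv2008.1", "bluez-utils-gstreamer-3.28-1.1mdv2008.1"))
    {
      if (rpm_check(release:"MDK2008.1", reference:pkg, yank:"mdv")) flag++;
    }
    foreach pkg (make_list("lib64bluez-devel-3.28-1.1mdv2008.1", "lib64bluez2-3.28-1.1mdv2008.1"))
    {
      if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:pkg, yank:"mdv")) flag++;
    }
    foreach pkg (make_list("libbluez-devel-3.28-1.1mdv2008.1", "libbluez2-3.28-1.1mdv2008.1"))
    {
      if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:pkg, yank:"mdv")) flag++;
    }
    
    
    if (flag)
    {
      # Verbose scans attach the per-package comparison; otherwise only the finding is raised.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");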
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0581.NASL
    descriptionUpdated bluez-libs and bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX(r) socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id33497
    published2008-07-15
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33497
    titleRHEL 4 / 5 : bluez-libs and bluez-utils (RHSA-2008:0581)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0581. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    # Local (SSH-based) check for the bluez-libs / bluez-utils packages fixed by
    # RHSA-2008:0581 (CVE-2008-2374, SDP packet parser input validation) on RHEL 4
    # and 5. The plugin compares installed rpm versions, or the yum updateinfo
    # database when it was collected, against the advisory; it never touches the
    # Bluetooth stack itself.
    
    include("compat.inc");
    
    # `description` is set by the scanner while it loads plugin metadata; in that mode
    # this branch registers the attributes below and exits, so the package checks
    # further down never run.
    if (description)
    {
      script_id(33497);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-2374");
      script_bugtraq_id(30105);
      script_xref(name:"RHSA", value:"2008:0581");
    
      script_name(english:"RHEL 4 / 5 : bluez-libs and bluez-utils (RHSA-2008:0581)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated bluez-libs and bluez-utils packages that fix a security flaw
    are now available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The bluez-libs package contains libraries for use in Bluetooth
    applications. The bluez-utils package contains Bluetooth daemons and
    utilities.
    
    An input validation flaw was found in the Bluetooth Session
    Description Protocol (SDP) packet parser used by the Bluez Bluetooth
    utilities. A Bluetooth device with an already-established trust
    relationship, or a local user registering a service record via a
    UNIX(r) socket or D-Bus interface, could cause a crash, or possibly
    execute arbitrary code with privileges of the hcid daemon.
    (CVE-2008-2374)
    
    Users of bluez-libs and bluez-utils are advised to upgrade to these
    updated packages, which contains a backported patch to correct this
    issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0581"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the base vector is network / no-auth, while the description above
      # names an already-trusted device or a local user as the trigger; treat the score
      # as a conservative upper bound rather than a statement about exposure.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-20: improper input validation.
      script_cwe_id(20);
    
      # Package and OS CPEs the rpm checks below can match against.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-utils-cups");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The KB keys below are populated over SSH by ssh_get_info.nasl; without them the
      # checks cannot run and the plugin audits out instead of reporting.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Prerequisites are gathered over SSH by ssh_get_info.nasl; each audit() call ends
    # the plugin with an explicit reason instead of a silent non-result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    ver_match = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = ver_match[1];
    # RHSA-2008:0581 only ships fixes for RHEL 4 and 5.
    if (!preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      # When yum's updateinfo database was collected it is the authority: the host is
      # flagged only if the advisory is still outstanding there, and the rpm-level
      # comparison in the other branch is skipped entirely.
      rhsa = "RHSA-2008:0581";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(port:0, severity:SECURITY_HOLE, extra:yum_report);
        exit(0);
      }
      else
      {
        audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa);
      }
    }
    else
    {
      # Fixed package references from RHSA-2008:0581. Every package ships for i386 and
      # x86_64, so the arch loop is nested inside the package loop to keep the check
      # order (pkg/i386, pkg/x86_64, next pkg, ...) that rpm_report_get() reflects.
      flag = 0;
      foreach pkg (make_list("bluez-libs-2.10-3", "bluez-libs-devel-2.10-3", "bluez-utils-2.10-2.4", "bluez-utils-cups-2.10-2.4"))
      {
        foreach arch (make_list("i386", "x86_64"))
        {
          if (rpm_check(release:"RHEL4", cpu:arch, reference:pkg)) flag++;
        }
      }
    
      foreach pkg (make_list("bluez-libs-3.7-1.1", "bluez-libs-devel-3.7-1.1", "bluez-utils-3.7-2.2", "bluez-utils-cups-3.7-2.2"))
      {
        foreach arch (make_list("i386", "x86_64"))
        {
          if (rpm_check(release:"RHEL5", cpu:arch, reference:pkg)) flag++;
        }
      }
    
      if (flag)
      {
        # redhat_report_package_caveat() (rpm.inc) presumably appends Red Hat's note on
        # backported version numbers to the package comparison — confirm in rpm.inc.
        security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get() + redhat_report_package_caveat());
        exit(0);
      }
      else
      {
        # Distinguish "installed but already fixed" from "not installed" in the audit trail.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez-libs / bluez-libs-devel / bluez-utils / bluez-utils-cups");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6133.NASL
    descriptionThe remote Fedora host is missing one or more security updates : bluez-utils-3.35-3.fc9 : - Thu Jul 10 2008 - Will Woods <wwoods at redhat.com> - 3.35-3 - Re-add hid2hci - Fri Jul 4 2008 - Bastien Nocera <bnocera at redhat.com> - 3.35-2 - Re-enable hidd - Thu Jul 3 2008 - Bastien Nocera <bnocera at redhat.com> - 3.35-1 - Update to 3.35 - Fri Jun 27 2008 - Bastien Nocera <bnocera at redhat.com> - 3.34-1 - Update to 3.34 - Thu Jun 12 2008 - Bastien Nocera <bnocera at redhat.com> - 3.32-1 - Update to 3.32 bluez-libs-3.35-1.fc9 : - Thu Jul 3 2008 - Bastien Nocera <bnocera at redhat.com> - 3.35-1 - Update to 3.35 - Fri Jun 27 2008 - Bastien Nocera <bnocera at redhat.com> - 3.34-1 - Update to 3.34 - Thu Jun 12 2008 - Bastien Nocera <bnocera at redhat.com> - 3.32-1 - Update to 3.32 - Fri Apr 18 2008 Peter Jones <pjones at redhat.com> - Make bluez-libs-devel own /usr/include/bluetooth/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34124
    published2008-09-10
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34124
    titleFedora 9 : bluez-libs-3.35-1.fc9 / bluez-utils-3.35-3.fc9 (2008-6133)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-6133.
    #
    # Local (SSH-based) check for the bluez-libs / bluez-utils packages fixed by
    # FEDORA-2008-6133 on Fedora 9 (CVE-2008-2374, SDP packet parser input
    # validation). The plugin only compares installed rpm versions against the
    # advisory's fixed versions.
    
    include("compat.inc");
    
    # `description` is set by the scanner while it loads plugin metadata; in that mode
    # this branch registers the attributes below and exits, so the package checks
    # further down never run.
    if (description)
    {
      script_id(34124);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-2374");
      script_bugtraq_id(30105);
      script_xref(name:"FEDORA", value:"2008-6133");
    
      script_name(english:"Fedora 9 : bluez-libs-3.35-1.fc9 / bluez-utils-3.35-3.fc9 (2008-6133)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      # The description is the package changelog as published in the Fedora advisory;
      # it does not describe the flaw itself, only the version bumps that carry the fix.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Fedora host is missing one or more security updates :
    
    bluez-utils-3.35-3.fc9 :
    
      - Thu Jul 10 2008 - Will Woods <wwoods at redhat.com> -
        3.35-3
    
        - Re-add hid2hci
    
        - Fri Jul 4 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.35-2
    
        - Re-enable hidd
    
        - Thu Jul 3 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.35-1
    
        - Update to 3.35
    
        - Fri Jun 27 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.34-1
    
        - Update to 3.34
    
        - Thu Jun 12 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.32-1
    
        - Update to 3.32
    
    bluez-libs-3.35-1.fc9 :
    
      - Thu Jul 3 2008 - Bastien Nocera <bnocera at redhat.com>
        - 3.35-1
    
        - Update to 3.35
    
        - Fri Jun 27 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.34-1
    
        - Update to 3.34
    
        - Thu Jun 12 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.32-1
    
        - Update to 3.32
    
        - Fri Apr 18 2008 Peter Jones <pjones at redhat.com>
    
        - Make bluez-libs-devel own /usr/include/bluetooth/
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=452715"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/013764.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ac832c0a"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/013765.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?62f0b15d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected bluez-libs and / or bluez-utils packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-20: improper input validation.
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bluez-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The KB keys below are populated over SSH by ssh_get_info.nasl; without them the
      # checks cannot run and the plugin audits out instead of reporting.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Prerequisites are gathered over SSH by ssh_get_info.nasl; each audit() call ends
    # the plugin with an explicit reason instead of a silent non-result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = ver_match[1];
    # FEDORA-2008-6133 applies to Fedora 9 only.
    if (!ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Fixed package references from FEDORA-2008-6133; rpm_check() (rpm.inc) is expected
    # to return true when the installed package is older than the reference.
    flag = 0;
    foreach pkg (make_list("bluez-libs-3.35-1.fc9", "bluez-utils-3.35-3.fc9"))
    {
      if (rpm_check(release:"FC9", reference:pkg)) flag++;
    }
    
    if (flag)
    {
      # Verbose scans attach the per-package comparison; otherwise only the finding is raised.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed but already fixed" from "not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez-libs / bluez-utils");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6140.NASL
    descriptionThe remote Fedora host is missing one or more security updates : bluez-utils-3.35-3.fc8 : - Thu Jul 10 2008 - Will Woods <wwoods at redhat.com> - 3.35-3 - Re-add hid2hci - Fri Jul 4 2008 - Bastien Nocera <bnocera at redhat.com> - 3.35-2 - Re-add hidd - Thu Jul 3 2008 - Bastien Nocera <bnocera at redhat.com> - 3.35-1 - Update to 3.35 - Fri Jun 27 2008 - Bastien Nocera <bnocera at redhat.com> - 3.34-1 - Update to 3.34 - Wed Mar 26 2008 - Bastien Nocera <bnocera at redhat.com> - 3.20-7 - Add patch to avoid a kernel oops when switching from HID to HCI mode (#228755) - Fri Jan 25 2008 - Bastien Nocera <bnocera at redhat.com> - 3.20-6 - Avoid dund and pand starting too early (#429489) - Fri Jan 25 2008 - Bastien Nocera <bnocera at redhat.com> - 3.20-5 - Fix hcid trying to find the OUI file somewhere in /var (#428803) bluez-libs-3.35-1.fc8 : - Thu Jul 3 2008 - Bastien Nocera <bnocera at redhat.com> - 3.35-1 - Update to 3.35 - Fri Jun 27 2008 - Bastien Nocera <bnocera at redhat.com> - 3.34-1 - Update to 3.34 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34421
    published2008-10-16
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34421
    titleFedora 8 : bluez-libs-3.35-1.fc8 / bluez-utils-3.35-3.fc8 (2008-6140)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-6140.
    #
    # Local (SSH-based) check for the bluez-libs / bluez-utils packages fixed by
    # FEDORA-2008-6140 on Fedora 8 (CVE-2008-2374, SDP packet parser input
    # validation). The plugin only compares installed rpm versions against the
    # advisory's fixed versions.
    
    include("compat.inc");
    
    # `description` is set by the scanner while it loads plugin metadata; in that mode
    # this branch registers the attributes below and exits, so the package checks
    # further down never run.
    if (description)
    {
      script_id(34421);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-2374");
      script_bugtraq_id(30105);
      script_xref(name:"FEDORA", value:"2008-6140");
    
      script_name(english:"Fedora 8 : bluez-libs-3.35-1.fc8 / bluez-utils-3.35-3.fc8 (2008-6140)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      # The description is the package changelog as published in the Fedora advisory;
      # it does not describe the flaw itself, only the version bumps that carry the fix.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Fedora host is missing one or more security updates :
    
    bluez-utils-3.35-3.fc8 :
    
      - Thu Jul 10 2008 - Will Woods <wwoods at redhat.com> -
        3.35-3
    
        - Re-add hid2hci
    
        - Fri Jul 4 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.35-2
    
        - Re-add hidd
    
        - Thu Jul 3 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.35-1
    
        - Update to 3.35
    
        - Fri Jun 27 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.34-1
    
        - Update to 3.34
    
        - Wed Mar 26 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.20-7
    
        - Add patch to avoid a kernel oops when switching from
          HID to HCI mode (#228755)
    
      - Fri Jan 25 2008 - Bastien Nocera <bnocera at redhat.com>
        - 3.20-6
    
        - Avoid dund and pand starting too early (#429489)
    
        - Fri Jan 25 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.20-5
    
        - Fix hcid trying to find the OUI file somewhere in /var
          (#428803)
    
    bluez-libs-3.35-1.fc8 :
    
      - Thu Jul 3 2008 - Bastien Nocera <bnocera at redhat.com>
        - 3.35-1
    
        - Update to 3.35
    
        - Fri Jun 27 2008 - Bastien Nocera <bnocera at
          redhat.com> - 3.34-1
    
        - Update to 3.34
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=452715"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015336.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?62f1315e"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015337.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3177f5b5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected bluez-libs and / or bluez-utils packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-20: improper input validation.
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bluez-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The KB keys below are populated over SSH by ssh_get_info.nasl; without them the
      # checks cannot run and the plugin audits out instead of reporting.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Prerequisites are gathered over SSH by ssh_get_info.nasl; each audit() call ends
    # the plugin with an explicit reason instead of a silent non-result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = ver_match[1];
    # FEDORA-2008-6140 applies to Fedora 8 only.
    if (!ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Fixed package references from FEDORA-2008-6140; rpm_check() (rpm.inc) is expected
    # to return true when the installed package is older than the reference.
    flag = 0;
    foreach pkg (make_list("bluez-libs-3.35-1.fc8", "bluez-utils-3.35-3.fc8"))
    {
      if (rpm_check(release:"FC8", reference:pkg)) flag++;
    }
    
    if (flag)
    {
      # Verbose scans attach the per-package comparison; otherwise only the finding is raised.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed but already fixed" from "not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez-libs / bluez-utils");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BLUEZ-AUDIO-5441.NASL
    descriptionMissing length checks in bluez-libs could cause a buffer overflow in Bluetooth applications. Malicious bluetooth devices could potentially exploit that to execute arbitrary code (CVE-2008-2374). Note: The source code of each application that uses vulnerable functions of bluez-libs needs to be adapted to actually fix the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id34289
    published2008-09-25
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34289
    titleopenSUSE 10 Security Update : bluez-audio (bluez-audio-5441)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0581.NASL
    descriptionFrom Red Hat Security Advisory 2008:0581 : Updated bluez-libs and bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX(r) socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67723
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67723
    titleOracle Linux 4 / 5 : bluez-libs / bluez-utils (ELSA-2008-0581)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BLUEZ-CUPS-5437.NASL
    descriptionMissing length checks in bluez-libs could cause a buffer overflow in Bluetooth applications. Malicious bluetooth devices could potentially exploit that to execute arbitrary code. (CVE-2008-2374) Note: The source code of each application that uses vulnerable functions of bluez-libs needs to be adapted to actually fix the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id34276
    published2008-09-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34276
    titleSuSE 10 Security Update : Bluetooth utilities (ZYPP Patch Number 5437)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0581.NASL
    descriptionUpdated bluez-libs and bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX(r) socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id43698
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43698
    titleCentOS 4 / 5 : bluez-libs / bluez-utils (CESA-2008:0581)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080714_BLUEZ_LIBS_AND_BLUEZ_UTILS_ON_SL4_X.NASL
    descriptionAn input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX® socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374)
    last seen2020-06-01
    modified2020-06-02
    plugin id60439
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60439
    titleScientific Linux Security Update : bluez-libs and bluez-utils on SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_BLUEZ-AUDIO-080716.NASL
    descriptionMissing length checks in bluez-libs could cause a buffer overflow in Bluetooth applications. Malicious bluetooth devices could potentially exploit that to execute arbitrary code (CVE-2008-2374). Note: The source code of each application that uses vulnerable functions of bluez-libs needs to be adapted to actually fix the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id39922
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39922
    titleopenSUSE Security Update : bluez-audio (bluez-audio-100)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200903-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200903-29 (BlueZ: Arbitrary code execution) It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets. Impact : A physically proximate attacker using a Bluetooth device with an already established trust relationship could send specially crafted requests, possibly leading to arbitrary code execution or a crash. Exploitation may also be triggered by a local attacker registering a service record via a UNIX socket or D-Bus interface. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id35942
    published2009-03-17
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35942
    titleGLSA-200903-29 : BlueZ: Arbitrary code execution

Oval

accepted2013-04-29T04:23:48.149-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionsrc/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
familyunix
idoval:org.mitre.oval:def:9973
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlesrc/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.
version27

Redhat

advisories
bugzilla
id452715
titleCVE-2008-2374 bluez-libs: SDP payload processing vulnerability
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentbluez-libs is earlier than 0:2.10-3
          ovaloval:com.redhat.rhsa:tst:20080581001
        • commentbluez-libs is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080581002
      • AND
        • commentbluez-libs-devel is earlier than 0:2.10-3
          ovaloval:com.redhat.rhsa:tst:20080581003
        • commentbluez-libs-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080581004
      • AND
        • commentbluez-utils is earlier than 0:2.10-2.4
          ovaloval:com.redhat.rhsa:tst:20080581005
        • commentbluez-utils is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070065002
      • AND
        • commentbluez-utils-cups is earlier than 0:2.10-2.4
          ovaloval:com.redhat.rhsa:tst:20080581007
        • commentbluez-utils-cups is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20070065004
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentbluez-libs is earlier than 0:3.7-1.1
          ovaloval:com.redhat.rhsa:tst:20080581010
        • commentbluez-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080581011
      • AND
        • commentbluez-libs-devel is earlier than 0:3.7-1.1
          ovaloval:com.redhat.rhsa:tst:20080581012
        • commentbluez-libs-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080581013
      • AND
        • commentbluez-utils is earlier than 0:3.7-2.2
          ovaloval:com.redhat.rhsa:tst:20080581014
        • commentbluez-utils is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080581015
      • AND
        • commentbluez-utils-cups is earlier than 0:3.7-2.2
          ovaloval:com.redhat.rhsa:tst:20080581016
        • commentbluez-utils-cups is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080581017
rhsa
idRHSA-2008:0581
released2008-07-14
severityModerate
titleRHSA-2008:0581: bluez-libs and bluez-utils security update (Moderate)
rpms
  • bluez-libs-0:2.10-3
  • bluez-libs-0:3.7-1.1
  • bluez-libs-debuginfo-0:2.10-3
  • bluez-libs-debuginfo-0:3.7-1.1
  • bluez-libs-devel-0:2.10-3
  • bluez-libs-devel-0:3.7-1.1
  • bluez-utils-0:2.10-2.4
  • bluez-utils-0:3.7-2.2
  • bluez-utils-cups-0:2.10-2.4
  • bluez-utils-cups-0:3.7-2.2
  • bluez-utils-debuginfo-0:2.10-2.4
  • bluez-utils-debuginfo-0:3.7-2.2

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30105 CVE(CAN) ID: CVE-2008-2374 BlueZ是官方的Linux蓝牙协议栈。 BlueZ的SDP解析代码盲目地信任了入站SDP报文中的字符串长度字段,如果远程攻击者向SDP查询发送了恶意响应的话,就可以触发缓冲区溢出,导致拒绝服务或执行任意代码。 以下是bluez-libs-3.30/src/sdp.c文件中的漏洞代码段:
972 static sdp_data_t *extract_str(const void *p, int *len)
973 {
974 char *s;
975 int n;
976 sdp_data_t *d = malloc(sizeof(sdp_data_t));
977
978 memset(d, 0, sizeof(sdp_data_t));
979 d->dtd = *(uint8_t *) p;
980 p += sizeof(uint8_t);
981 *len += sizeof(uint8_t);
982
983 switch (d->dtd) {
984 case SDP_TEXT_STR8:
985 case SDP_URL_STR8:
986 n = *(uint8_t *) p; // <-- from the incoming packet
987 p += sizeof(uint8_t);
988 *len += sizeof(uint8_t) + n; // <-- blindly trusted here, may advance parser past end of packet
989 break;
990 case SDP_TEXT_STR16:
991 case SDP_URL_STR16:
992 n = ntohs(bt_get_unaligned((uint16_t *) p)); // <-- from the incoming packet
993 p += sizeof(uint16_t);
994 *len += sizeof(uint16_t) + n; // <-- blindly trusted here, may advance parser past end of packet
995 break;
996 default:
997 SDPERR("Sizeof text string > UINT16_MAX\n");
998 free(d);
999 return 0;
1000 }
1001
1002 s = malloc(n + 1); // <-- really blindly trusted here, also no NULL checking
1003 memset(s, 0, n + 1);
1004 memcpy(s, p, n);
1005
1006 SDPDBG("Len : %d\n", n);
1007 SDPDBG("Str : %s\n", s);
1008
1009 d->val.str = s;
1010 d->unitSize = n + sizeof(uint8_t); // <-- more blind trust
1011 return d;
1012 }
漏洞的起因在1125行,sdp_extract_pdu()函数没有对长度字段执行正确的检查,导致了上述漏洞。 BlueZ 3.34 BlueZ ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.bluez.org/ target=_blank>http://www.bluez.org/</a>
idSSV:3575
last seen2017-11-19
modified2008-07-09
published2008-07-09
reporterRoot
titleBlueZ SDP负载处理多个缓冲区溢出漏洞