
SANS ISC: A cavity in Linux Bluetooth? - SANS Internet Storm Center


A cavity in Linux Bluetooth?
Looks like there is an issue with over-filling a cavity (a buffer overflow) in the Linux Bluetooth stack's cmtp_recv_interopmsg() function. At the very least it is a DoS condition, but it might be possible to leverage it into code execution using malformed CAPI messages with an oversized (1) manu (manufacturer) or (2) serial (serial number) field. The issue exists in Linux kernels before 2.4.33.5 and in 2.6.x up to 2.6.19.1. More information can be found here.
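As an added illustration, not the kernel's CMTP code and not part of the diary entry: a simplified C receiver for a message that carries two length-prefixed fields (manu, then serial) into fixed-size buffers. It shows the bug class the entry describes (a sender-supplied length byte used directly as the copy size) beside a bounded version, plus a check a defender could run on raw messages to flag peers sending fields larger than any legitimate device would. The wire layout, FIELD_MAX, and every function name here are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified wire layout (NOT the kernel's CMTP/CAPI code):
 *   [manu_len][manu bytes...][serial_len][serial bytes...]
 * The receiver stores each field in a fixed-size buffer. */
#define FIELD_MAX 64   /* assumed destination buffer size */

struct device_info {
    char manu[FIELD_MAX];
    char serial[FIELD_MAX];
};

/* The bug class: the length byte from the wire is the copy size, with no
 * comparison against the destination. Shown for contrast only and never
 * called; any length above FIELD_MAX overruns `dst`. */
void copy_field_unchecked(char *dst, const uint8_t *src, uint8_t len)
{
    memcpy(dst, src, len);
}

/* Hardened copy: clamp to the buffer (leaving room for the NUL) and refuse
 * a field that extends past the end of the message. Returns bytes consumed
 * (length byte plus payload) or -1 if the message is truncated. */
static int copy_field_checked(char *dst, const uint8_t *msg, size_t msglen, size_t off)
{
    if (off >= msglen)
        return -1;                            /* no length byte present */
    size_t len = msg[off];
    if (len > msglen - off - 1)
        return -1;                            /* field overruns the message */
    size_t n = len < FIELD_MAX - 1 ? len : FIELD_MAX - 1;
    memcpy(dst, msg + off + 1, n);
    dst[n] = '\0';
    return (int)(1 + len);
}

/* 0 on success, -1 if the message is truncated. Oversized fields are cut
 * to fit rather than rejected; that alone removes the overflow. */
int parse_interop_msg(const uint8_t *msg, size_t msglen, struct device_info *info)
{
    int n = copy_field_checked(info->manu, msg, msglen, 0);
    if (n < 0) return -1;
    if (copy_field_checked(info->serial, msg, msglen, (size_t)n) < 0) return -1;
    return 0;
}

/* Detection-side check on a raw message: 0 = both fields fit,
 * 1 = manu too long for FIELD_MAX, 2 = serial too long, -1 = truncated. */
int interop_msg_check(const uint8_t *msg, size_t msglen)
{
    if (msglen < 1) return -1;
    size_t mlen = msg[0];
    if (mlen > msglen - 1) return -1;
    if (mlen >= FIELD_MAX) return 1;
    size_t off = 1 + mlen;
    if (off >= msglen) return -1;
    size_t slen = msg[off];
    if (slen > msglen - off - 1) return -1;
    if (slen >= FIELD_MAX) return 2;
    return 0;
}

/* Builds a constructed sample message; returns its length, or 0 if it
 * would not fit in `out`. */
size_t build_interop_msg(uint8_t *out, size_t cap, const char *manu, size_t mlen,
                         const char *serial, size_t slen)
{
    if (mlen > 255 || slen > 255 || 2 + mlen + slen > cap) return 0;
    out[0] = (uint8_t)mlen;
    memcpy(out + 1, manu, mlen);
    out[1 + mlen] = (uint8_t)slen;
    memcpy(out + 2 + mlen, serial, slen);
    return 2 + mlen + slen;
}

int main(void)
{
    uint8_t msg[600];
    char big[200];                            /* constructed oversized field */
    struct device_info info;
    memset(big, 'A', sizeof big);

    size_t n = build_interop_msg(msg, sizeof msg, "ACME", 4, "SN-0001", 7);
    int rc = parse_interop_msg(msg, n, &info);
    printf("well-formed: check=%d parse=%d manu=%s serial=%s\n",
           interop_msg_check(msg, n), rc, info.manu, info.serial);

    n = build_interop_msg(msg, sizeof msg, big, sizeof big, "SN", 2);
    rc = parse_interop_msg(msg, n, &info);
    printf("oversized manu: check=%d parse=%d stored manu length=%zu\n",
           interop_msg_check(msg, n), rc, strlen(info.manu));
    return 0;
}
```

The check function is the part worth keeping around after the parser is fixed: a peer that sends a 200-byte manufacturer string is not a real device, and logging that condition at the receiver gives an indicator of someone probing the stack.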
Tom

ISC Handler
