hcidump bluetooth L2CAP packet denial of service

hcidump-bluetooth-dos (24533) The risk level is classified as LowLow Risk

Description:

hcidump is vulnerable to a denial of service attack. A remote attacker could exploit this vulnerability to cause hcidump to crash by sending a specially-crafted Logical Link Control and Adaptation Protocol (L2CAP) packet.

Platforms Affected:

  • BlueZ Project, hcidump 1.29
  • Canonical, Ubuntu 4.10
  • Canonical, Ubuntu 5.04
  • Canonical, Ubuntu 5.10
  • Debian, Debian Linux 3.1
  • MandrakeSoft, Mandrake Linux 2006 X86_64
  • MandrakeSoft, Mandrake Linux 2006
  • MandrakeSoft, Mandrake Linux LE2005
  • MandrakeSoft, Mandrake Linux LE2005 X86_64
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft, Mandrake Linux Corporate Server 3.0

Remedy:

For Debian GNU/Linux:
Refer to DSA-990-1 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux:
Refer to USN-256-1 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

  • BlueZ Project Web site, BlueZ - Official Linux Bluetooth protocol stack at http://www.bluez.org/.
  • Full-Disclosure Mailing List, Mon Feb 06 2006 - 10:56:23 CST, [ Secuobs - Advisory ] Bluetooth : DoS on Sony/Ericsson cell phones at http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0079.html.
  • CVE-2006-0670: Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to caues a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
  • DSA-990: bluez-hcidump -- programming error
  • MDKSA-2006:041: Updated bluez-hcidump packages fix buffer overflow vulnerability
  • SA18741: hcidump Bluetooth L2CAP Denial of Service Vulnerability
  • USN-256-1: bluez-hcidump vulnerability
  • VUPEN/ADV-2006-0479: hcidump Bluetooth L2CAP Packet Handling Denial of Service Vulnerability

Reported:

Feb 06, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page