Debian Local Security Checks : Debian: Security Advisory (DLA-2827-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.892827

Category: Debian Local Security Checks

Title: Debian: Security Advisory (DLA-2827-1)

Summary: The remote host is missing an update for the Debian 'bluez' package(s) announced via the DLA-2827-1 advisory.

Description: Summary:
The remote host is missing an update for the Debian 'bluez' package(s) announced via the DLA-2827-1 advisory.

Vulnerability Insight:
Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information.

CVE-2019-8921

SDP infoleak, the vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data.

CVE-2019-8922

SDP Heap Overflow, this vulnerability lies in the SDP protocol handling of attribute requests as well. By requesting a huge number of attributes at the same time, an attacker can overflow the static buffer provided to hold the response.

CVE-2021-41229

sdp_cstate_alloc_buf allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

For Debian 9 stretch, these problems have been fixed in version 5.43-2+deb9u5.

We recommend that you upgrade your bluez packages.

For the detailed security status of bluez please refer to its security tracker page at: [link moved to references]

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS:
'bluez' package(s) on Debian 9.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-8921
https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-8922
Common Vulnerability Exposure (CVE) ID: CVE-2021-41229
https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html

Copyright Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.892827
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-2827-1)
Summary:	The remote host is missing an update for the Debian 'bluez' package(s) announced via the DLA-2827-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'bluez' package(s) announced via the DLA-2827-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information. CVE-2019-8921 SDP infoleak, the vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. CVE-2019-8922 SDP Heap Overflow, this vulnerability lies in the SDP protocol handling of attribute requests as well. By requesting a huge number of attributes at the same time, an attacker can overflow the static buffer provided to hold the response. CVE-2021-41229 sdp_cstate_alloc_buf allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. For Debian 9 stretch, these problems have been fixed in version 5.43-2+deb9u5. We recommend that you upgrade your bluez packages. For the detailed security status of bluez please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'bluez' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-8921 https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/ https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2019-8922 Common Vulnerability Exposure (CVE) ID: CVE-2021-41229 https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html
Copyright	Copyright (C) 2021 Greenbone AG