6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.2%
CentOS Errata and Security Advisory CESA-2017:2685
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.
Security Fix(es):
Red Hat would like to thank Armis Labs for reporting this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2017-September/084693.html
https://lists.centos.org/pipermail/centos-announce/2017-September/084697.html
Affected packages:
bluez
bluez-alsa
bluez-compat
bluez-cups
bluez-gstreamer
bluez-hid2hci
bluez-libs
bluez-libs-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:2685
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | bluez | < 4.66-2.el6_9 | bluez-4.66-2.el6_9.i686.rpm |
CentOS | 6 | i686 | bluez-alsa | < 4.66-2.el6_9 | bluez-alsa-4.66-2.el6_9.i686.rpm |
CentOS | 6 | i686 | bluez-compat | < 4.66-2.el6_9 | bluez-compat-4.66-2.el6_9.i686.rpm |
CentOS | 6 | i686 | bluez-cups | < 4.66-2.el6_9 | bluez-cups-4.66-2.el6_9.i686.rpm |
CentOS | 6 | i686 | bluez-gstreamer | < 4.66-2.el6_9 | bluez-gstreamer-4.66-2.el6_9.i686.rpm |
CentOS | 6 | i686 | bluez-libs | < 4.66-2.el6_9 | bluez-libs-4.66-2.el6_9.i686.rpm |
CentOS | 6 | i686 | bluez-libs-devel | < 4.66-2.el6_9 | bluez-libs-devel-4.66-2.el6_9.i686.rpm |
CentOS | 6 | x86_64 | bluez | < 4.66-2.el6_9 | bluez-4.66-2.el6_9.x86_64.rpm |
CentOS | 6 | i686 | bluez-alsa | < 4.66-2.el6_9 | bluez-alsa-4.66-2.el6_9.i686.rpm |
CentOS | 6 | x86_64 | bluez-alsa | < 4.66-2.el6_9 | bluez-alsa-4.66-2.el6_9.x86_64.rpm |
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.2%