Lucene search

K
certCERTVU:685461
HistoryApr 05, 2005 - 12:00 a.m.

Linux kernel Bluetooth support fails to properly bounds check "protocol" variable

2005-04-0500:00:00
www.kb.cert.org
18

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

5.8

Confidence

High

EPSS

0

Percentile

9.7%

Overview

Linux kernels with Bluetooth support do not adequately validate the “protocol” value, allowing a local user to execute arbitrary code with elevated privileges.

Description

Linux kernels with Bluetooth support may contain a local root vulnerability, even if Bluetooth hardware is not present. A call to socket() may bypass a bounds check on the protocol value. This value is used at a later point as an index to a function pointer, making it possible for an attacker to execute arbitrary code from memory regions controlled by the attacker. The flawed Bluetooth kernel modules are present by default on some Linux distributions and are frequently loadable by unprivileged users.

Impact

An unprivileged, local, authenticated user may be able to gain elevated privileges, even on systems without Bluetooth drivers previously loaded or on systems without Bluetooth hardware installed.

Solution

Apply An Update
This issue is addressed in Linux kernels 2.4.30-rc2 and 2.6.11.6.

Disable Bluetooth Support

As a workaround, administrators may remove the bluetooth kernel module(s) from their system.

Install Kernel Modules

Suresec Ltd. has also created loadable kernel modules which check protocol and domain values for validity before being used in the flawed Bluetooth code. More information is available in Suresec security advisory 1.

Vendor Information

685461

Filter by status: All Affected Not Affected Unknown

Filter by content: __Additional information available

__Sort by: Status Alphabetical

Expand all

Javascript is disabled. Clickhere to view vendors.

Linux Kernel Archives __ Affected

Updated: April 05, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is addressed in Linux kernels 2.4.30-rc2 and 2.6.11.6.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc. __ Affected

Notified: April 05, 2005 Updated: December 22, 2005

Status

Affected

Vendor Statement

`This issue could affect Red Hat Enterprise Linux 2.1, 3, and 4 users where the
bluetooth modules are loaded. Updated kernel packages are available at the URL
below and by using the Red Hat Network ‘up2date’ tool.

http://rhn.redhat.com/errata/CAN-2005-0750.html`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian Linux __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM zSeries __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

SUSE/Novell has released fixed packages to fix this problem, documented in this security advisory:

http://www.novell.com/linux/security/advisories/2005_21_kernel.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Computer Systems, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems, Inc. __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group (SCO Linux) __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux __ Unknown

Notified: April 05, 2005 Updated: April 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 19 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Suresec Ltd for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-0750
Severity Metric: 8.78 Date Public:

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

5.8

Confidence

High

EPSS

0

Percentile

9.7%