Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: A cavity in Linux Bluetooth? SANS ISC InfoSec Forums

A cavity in Linux Bluetooth?
Looks like there is an issue with over-filling a cavity (buffer) in the Linux Bluetooth stack's cmtp_recv_interopmsg() function. At the very least, it's a DoS condition, but it might be possible to leverage it into running code using malformed CAPI messages with oversized (1) manu (manufacturer) or (2) serial (serial number) fields. The issue exists in Linux kernels before and in 2.6.x up to  More information can be found here.

Dec 19th 2006
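
The class of bug described in the post, shown as an added example that is not from the original post or the kernel source: a sender-supplied length byte drives a copy into a fixed-size field, next to a bounds-checked version. The wire layout (one length byte followed by the string), the 64-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MANU_LEN 64              /* assumed size, not taken from the kernel */

struct ctrl_info {
    char manu[MANU_LEN];         /* fixed-size destination for the field */
};

/* Unsafe pattern: trusts the length byte, which can be up to 255,
 * so it can write well past the 64-byte field. Shown for contrast only. */
void copy_manu_unchecked(struct ctrl_info *c, const uint8_t *msg)
{
    memcpy(c->manu, msg + 1, msg[0]);
}

/* Hardened pattern: validate the claimed length against what was
 * actually received, then clamp it to the destination size.
 * Returns the number of bytes stored, or -1 for a malformed message. */
int copy_manu_checked(struct ctrl_info *c, const uint8_t *msg, size_t msg_len)
{
    size_t claimed, n;

    if (msg_len < 1)
        return -1;                        /* no length byte at all */
    claimed = msg[0];
    if (claimed > msg_len - 1)
        return -1;                        /* claims more than was sent */
    n = claimed < MANU_LEN - 1 ? claimed : MANU_LEN - 1;
    memset(c->manu, 0, sizeof(c->manu));  /* guarantees NUL termination */
    memcpy(c->manu, msg + 1, n);
    return (int)n;
}

int main(void)
{
    struct ctrl_info c;
    uint8_t oversized[201];               /* constructed sample message */

    oversized[0] = 200;                   /* claims a 200-byte manu field */
    memset(oversized + 1, 'A', 200);
    printf("stored %d of 200 claimed bytes\n",
           copy_manu_checked(&c, oversized, sizeof(oversized)));
    return 0;
}
```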
