CVE-2017-1000250:Remote information disclosure vulnerability in BlueZ SDP server (CVE-2017-1000250) affecting BlueZ 5.46 and earlier, allowing attackers to read sensitive data from the bluetoothd process memory via SDP search attribute requests.

splash
Back

Description Preview

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

Overview

This CVE concerns an information disclosure flaw in BlueZ’s SDP server, present in BlueZ versions up to 5.46. The vulnerability is triggered by handling SDP search attribute requests, enabling remote attackers to retrieve sensitive data from the bluetoothd process memory without authentication or interaction. The issue is widely referenced in multiple vendor advisories and security analyses under the BlueBorne umbrella.

Remediation

  • Upgrade BlueZ to a fixed version provided by your OS/distribution vendor (addressing the SDP processing flaw). Check and apply the patched BlueZ package or a newer release (commonly 5.47+ or the vendor’s subsequent update).
  • If upgrading is not feasible, apply the vendor-provided patch or backport the fix to your BlueZ package as advised by your distribution.
  • If SDP services are not required in your environment, consider disabling the SDP server component or the Bluetooth SDP handling to reduce exposure until a patch is applied.
  • After applying the fix, restart the Bluetooth daemon (bluetoothd) and verify that the patch is in effect by consulting vendor advisories or testing for remediation indicators.
  • Monitor official advisories and CVE databases for any additional mitigations or updates related to this vulnerability.

References

  • Red Hat: RHSA-2017:2685 (https://access.redhat.com/errata/RHSA-2017:2685)
  • Red Hat Vulnerabilities: https://access.redhat.com/security/vulnerabilities/blueborne
  • ArmIs: BlueBorne (https://www.armis.com/blueborne)
  • Debian Security Advisory: DSA-3972 (http://www.debian.org/security/2017/dsa-3972)
  • Synology Security Advisory: Synology_SA_17_52_BlueBorne (https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne)
  • BID: 100814 (http://www.securityfocus.com/bid/100814)
  • NVIDIA Customer Support: Article (http://nvidia.custhelp.com/app/answers/detail/a_id/4561)
  • CERT-VN: VU#240311 (https://www.kb.cert.org/vuls/id/240311)

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
    Manufacturing
  2. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  3. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  4. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  5. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  6. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  7. Public Administration: Low
    Public Administration
  8. Accommodation & Food Services: Low
    Accommodation & Food Services
  9. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  10. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  11. Construction: Low
    Construction
  12. Educational Services: Low
    Educational Services
  13. Finance and Insurance: Low
    Finance and Insurance
  14. Information: Low
    Information
  15. Mining: Low
    Mining
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background