Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-2374
Last Modified: 26 Nov 2012 10:46:53
Published: 07 Jul 2008 07:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2374

Summary

src/sdp.c in bluez-libs 3.30 in BlueZ, and in other bluez-libs versions before 3.34 and bluez-utils versions before 3.34, does not validate string length fields in SDP packets. This allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Vulnerable Systems

Application

  • Bluez Libs 3.30

  • Bluez Utils 3.33


References

FEDORA - FEDORA-2008-6133

FEDORA - FEDORA-2008-6140

VUPEN - ADV-2008-2096

BID - 30105

REDHAT - RHSA-2008:0581

MANDRIVA - MDVSA-2008:145

CONFIRM - http://www.bluez.org/bluez-334/

MLIST - [bluez-devel] 20080616 SDP payload processing vulnerability

GENTOO - GLSA-200903-29

SECUNIA - 34280

SECUNIA - 32279

SECUNIA - 32099

SECUNIA - 31833

SECUNIA - 31057

SECUNIA - 30957

SUSE - SUSE-SR:2008:019

SECTRACK - 1020479


Last Updated: 27 May 2016 10:49:51