CVE-2017-1000250

Priority
Description
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to
an information disclosure vulnerability which allows remote attackers to
obtain sensitive information from the bluetoothd process memory. This
vulnerability lies in the processing of SDP search attribute requests.
Ubuntu-Description
It was discovered that an information disclosure vulnerability
existed in the Service Discovery Protocol (SDP) implementation in
BlueZ. A physically proximate unauthenticated attacker could use
this to disclose sensitive information.
Notes
Package
Source: bluez (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [4.101-0ubuntu13.3])
Ubuntu 16.04 LTS (Xenial Xerus):released (5.37-0ubuntu5.1)
Patches:
Upstream:https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09
More Information

Updated: 2019-12-05 18:47:25 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)