CVE-2017-1000250

Priority
High
Description
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to
an information disclosure vulnerability which allows remote attackers to
obtain sensitive information from the bluetoothd process memory. This
vulnerability lies in the processing of SDP search attribute requests.
Ubuntu-Description
It was discovered that an information disclosure vulnerability
existed in the Service Discovery Protocol (SDP) implementation in
BlueZ. A physically proximate unauthenticated attacker could use
this to disclose sensitive information.
Package
Source: bluez (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): released (5.46-0ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (4.101-0ubuntu13.3)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (5.37-0ubuntu5.1)
Ubuntu 17.04 (Zesty Zapus): released (5.43-0ubuntu1.1)
Patches:
Upstream: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09

Updated: 2017-09-15 17:14:36 UTC (commit 13337)