CVE-2017-1000250 Information

Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3972 http://www.securityfocus.com/bid/100814 https://access.redhat.com/errata/RHSA-2017:2685 https://access.redhat.com/security/cve/CVE-2017-1000250 https://access.redhat.com/security/vulnerabilities/blueborne https://www.armis.com/blueborne https://www.kb.cert.org/vuls/id/240311 https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5