Debian dla-3157 : bluetooth - security update

critical Nessus Plugin ID 166429

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3157 advisory.

Debian LTS Advisory DLA-3157-1
[email protected]
https://www.debian.org/lts/security/
Sylvain Beucler
October 24, 2022
https://wiki.debian.org/LTS

Package: bluez
Version: 5.50-1.2~deb10u3
CVE ID: CVE-2019-8921 CVE-2019-8922 CVE-2021-41229 CVE-2021-43400 CVE-2022-0204 CVE-2022-39176 CVE-2022-39177
Debian Bug: 998626 1000262 1003712

Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information.

CVE-2019-8921

SDP infoleak: the vulnerability lies in the handling of an SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data.

CVE-2019-8922

SDP heap overflow: this vulnerability also lies in the SDP protocol handling of attribute requests. By requesting a huge number of attributes at the same time, an attacker can overflow the static buffer provided to hold the response.

CVE-2021-41229

sdp_cstate_alloc_buf allocates memory that is always attached to the singly linked list of cstates and is never freed, which causes a memory leak over time. An attacker who continuously sends SDP packets can make the leaked data very large, and this may cause the service on the target device to crash.

CVE-2021-43400

A use-after-free in gatt-database.c can occur when a client disconnects during D-Bus processing of a WriteValue call.

CVE-2022-0204

A heap overflow vulnerability was found in bluez. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

CVE-2022-39176

BlueZ allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

CVE-2022-39177

BlueZ allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

For Debian 10 buster, these problems have been fixed in version 5.50-1.2~deb10u3.

We recommend that you upgrade your bluez packages.

For the detailed security status of bluez please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/bluez

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the bluetooth packages.

See Also

https://security-tracker.debian.org/tracker/source-package/bluez

https://security-tracker.debian.org/tracker/CVE-2019-8921

https://security-tracker.debian.org/tracker/CVE-2019-8922

https://security-tracker.debian.org/tracker/CVE-2021-41229

https://security-tracker.debian.org/tracker/CVE-2021-43400

https://security-tracker.debian.org/tracker/CVE-2022-0204

https://security-tracker.debian.org/tracker/CVE-2022-39176

https://security-tracker.debian.org/tracker/CVE-2022-39177

https://packages.debian.org/source/buster/bluez

Plugin Details

Severity: Critical

ID: 166429

File Name: debian_DLA-3157.nasl

Version: 1.4

Type: local

Agent: unix

Published: 10/24/2022

Updated: 1/22/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2021-43400

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:bluez-hcidump, p-cpe:/a:debian:debian_linux:bluetooth, p-cpe:/a:debian:debian_linux:bluez, p-cpe:/a:debian:debian_linux:bluez-obexd, p-cpe:/a:debian:debian_linux:libbluetooth-dev, p-cpe:/a:debian:debian_linux:bluez-test-tools, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:bluez-test-scripts, p-cpe:/a:debian:debian_linux:libbluetooth3, p-cpe:/a:debian:debian_linux:bluez-cups

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/24/2022

Vulnerability Publication Date: 11/4/2021

Reference Information

CVE: CVE-2019-8921, CVE-2019-8922, CVE-2021-41229, CVE-2021-43400, CVE-2022-0204, CVE-2022-39176, CVE-2022-39177