Your submission was sent successfully! Close

USN-256-1: bluez-hcidump vulnerability

22 February 2006

bluez-hcidump vulnerability

Releases

Details

Pierre Betouin discovered a Denial of Service vulnerability in the
handling of the L2CAP (Logical Link Control and Adaptation Layer
Protocol) layer. By sending a specially crafted L2CAP packet through a
wireless Bluetooth connection, a remote attacker could crash hcidump.

Since hcidump is mainly a debugging tool, the impact of this flaw is
very low.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • bluez-hcidump -
Ubuntu 5.04
  • bluez-hcidump -
Ubuntu 4.10
  • bluez-hcidump -

In general, a standard system update will make all the necessary changes.

References