Bug#351881: [Pkg-bluetooth-maintainers] Bug#351881: bluez-hcidump: DoS in hcidump

Filippo Giunchedi filippo at esaurito.net
Mon Feb 13 23:45:19 UTC 2006


On Wed, Feb 08, 2006 at 09:36:56AM +0100, Moritz Muehlenhoff wrote:
> Package: bluez-hcidump
> Severity: important
> Tags: security
> 
> This was posted to the VulnWatch list, I'm not sure whether it can only be
> abused to interfere with the sniffing of Bluetooth traffic or whether more harm
> can be done. If it's the former, it's probably harmless, but please check.

thanks for reporting this!
I've notified the upstream author, the fix is in CVS and probably a new version
of hcidump will follow soon.
My believing is that this bug can only cause remote crash, thus interfering with
bluetooth sniffing as you said. 

filippo
--
Filippo Giunchedi
PGP key: 0x6B79D401
random quote follows:

If there is any better use for being famous and respected than using
that status to question orthodoxy, I haven't found it yet.
-- Eric S. Raymond
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-bluetooth-maintainers/attachments/20060214/a2a8eaaa/attachment-0001.pgp


More information about the Pkg-bluetooth-maintainers mailing list