USN-256-1: bluez-hcidump vulnerability

22 February 2006

bluez-hcidump vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Pierre Betouin discovered a Denial of Service vulnerability in the handling of the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. By sending a specially crafted L2CAP packet through a wireless Bluetooth connection, a remote attacker could crash hcidump.

Since hcidump is mainly a debugging tool, the impact of this flaw is very low.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
bluez-hcidump
Ubuntu 5.04
bluez-hcidump
Ubuntu 4.10
bluez-hcidump

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References