This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote CentOS host is missing one or more security updates.
An update for bluez is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The bluez packages contain the following utilities for use in
Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd,
l2ping, start scripts (Red Hat), and pcmcia configuration files.
Security Fix(es) :
* An information-disclosure flaw was found in the bluetoothd
implementation of the Service Discovery Protocol (SDP). A specially
crafted Bluetooth device could, without prior pairing or user
interaction, retrieve portions of the bluetoothd process memory,
including potentially sensitive information such as Bluetooth
encryption keys. (CVE-2017-1000250)
Red Hat would like to thank Armis Labs for reporting this issue.
See also :
Update the affected bluez packages.
Risk factor :
Low / CVSS Base Score : 3.3
CVSS Temporal Score : 2.7
Public Exploit Available : true