The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3157 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3157-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Sylvain Beucler     October 24, 2022                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : bluez     Version        : 5.50-1.2~deb10u3     CVE ID         : CVE-2019-8921 CVE-2019-8922 CVE-2021-41229 CVE-2021-43400                      CVE-2022-0204 CVE-2022-39176 CVE-2022-39177     Debian Bug     : 998626 1000262 1003712

    Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth     protocol stack. An attacker could cause a denial-of-service (DoS) or     leak information.

    CVE-2019-8921

        SDP infoleak, the vulnerability lies in the handling of a         SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a         malicious CSTATE, it is possible to trick the server into         returning more bytes than the buffer actually holds, resulting in         leaking arbitrary heap data.

    CVE-2019-8922

        SDP Heap Overflow; this vulnerability lies in the SDP protocol         handling of attribute requests as well. By requesting a huge         number of attributes at the same time, an attacker can overflow         the static buffer provided to hold the response.

    CVE-2021-41229

        sdp_cstate_alloc_buf allocates memory which will always be hung in         the singly linked list of cstates and will not be freed. This will         cause a memory leak over time. The data can be a very large         object, which can be caused by an attacker continuously sending         sdp packets and this may cause the service of the target device to         crash.

    CVE-2021-43400

        A use-after-free in gatt-database.c can occur when a client         disconnects during D-Bus processing of a WriteValue call.

    CVE-2022-0204

        A heap overflow vulnerability was found in bluez. An attacker with         local network access could pass specially crafted files causing an         application to halt or crash, leading to a denial of service.

    CVE-2022-39176

        BlueZ allows physically proximate attackers to obtain sensitive         information because profiles/audio/avrcp.c does not validate         params_len.

    CVE-2022-39177

        BlueZ allows physically proximate attackers to cause a denial of         service because malformed and invalid capabilities can be         processed in profiles/audio/avdtp.c.

    For Debian 10 buster, these problems have been fixed in version     5.50-1.2~deb10u3.

    We recommend that you upgrade your bluez packages.

    For the detailed security status of bluez please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/bluez

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3157 : bluetooth - security update

critical Nessus Plugin ID 166429

Version 1.4

Version 1.3

Version 1.2

Version 1.4 Jan 22, 2025, 5:44 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501221744
Version 1.3 Oct 9, 2023, 5:00 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310091700
Version 1.2 Oct 24, 2022, 5:49 PM New Plugin Feed: 202210241749