Ubuntu 4.10 / 5.04 / 5.10 : bluez-hcidump vulnerability (USN-256-1)
Medium Nessus Plugin ID 21064
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionPierre Betouin discovered a Denial of Service vulnerability in the handling of the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. By sending a specially crafted L2CAP packet through a wireless Bluetooth connection, a remote attacker could crash hcidump.
Since hcidump is mainly a debugging tool, the impact of this flaw is very low.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected bluez-hcidump package.