Bug 1015171 - (CVE-2016-9917) VUL-1: CVE-2016-9917: bluez,bluez-hcidump: Heap-based buffer overflow vulnerability in read_n()
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/177295/
Whiteboard: CVSSv2:SUSE:CVE-2016-9917:4.3:(AV:A/A...
Depends on:
Blocks:

Reported: 2016-12-12 16:48 UTC by Marcus Meissner
Modified: 2020-09-16 11:02 UTC (History)
Found By: Security Response Team
abergmann: needinfo? (acho)


Attachments
CVE-2016-9917.poc (4.07 KB, application/octet-stream)
2016-12-12 16:50 UTC, Marcus Meissner

Description Marcus Meissner 2016-12-12 16:48:45 UTC
A heap-based buffer overflow was observed in the "read_n" function in the "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in an hcidump crash.

A PoC can be found in the following report:

https://www.spinics.net/lists/linux-bluetooth/msg68892.html
Comment 1 Marcus Meissner 2016-12-12 16:50:59 UTC
Created attachment 706106
CVE-2016-9917.poc

QA REPRODUCER:

hcidump -a -r CVE-2016-9917.poc

should not report:
*** Error in `hcidump': free(): invalid pointer: 0x000055d22dcc4030 ***
*** Error in `hcidump': malloc: top chunk is corrupt: 0x000055d22dcc4610 ***
Comment 2 Marcus Meissner 2016-12-12 16:58:54 UTC
The snoop protocol reader reads the size of the data blob from the stream and does not do any form of size validation.
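
The size validation that Comment 2 says is missing, as an added example (not the bluez code and not part of the original report): the record reader checks the file-supplied length against both the destination buffer and the bytes actually left in the stream before copying. The 24-byte btsnoop-style record header, `FRAME_BUF`, `struct stream`, `read_record` and `demo` are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define REC_HDR_LEN 24   /* assumed record header: 4+4+4+4+8 bytes */
#define FRAME_BUF   1024 /* assumed capture buffer size, not hcidump's */

/* In-memory stand-in for the dump file being read. */
struct stream { const uint8_t *p; size_t left; };

static uint32_t be32(const uint8_t *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Copy exactly n bytes or fail; never reads past the end of the stream. */
static int take(struct stream *s, void *dst, size_t n)
{
    if (n > s->left)
        return -1;
    memcpy(dst, s->p, n);
    s->p += n; s->left -= n;
    return 0;
}

/* Returns the payload length, or -1 if the record is truncated or its
 * declared length does not fit in buf. */
long read_record(struct stream *s, uint8_t *buf, size_t buf_size)
{
    uint8_t hdr[REC_HDR_LEN];
    uint32_t incl_len;
    if (take(s, hdr, sizeof(hdr)) < 0)
        return -1;
    incl_len = be32(hdr + 4);       /* length field is file-controlled */
    if (incl_len > buf_size)        /* reject before any copy happens */
        return -1;
    if (take(s, buf, incl_len) < 0) /* declared more than the file holds */
        return -1;
    return (long)incl_len;
}

/* Constructed sample: header declaring `declared` bytes, 4 bytes present. */
long demo(uint32_t declared)
{
    uint8_t file[REC_HDR_LEN + 4] = {0}, buf[FRAME_BUF];
    struct stream s = { file, sizeof(file) };
    file[4] = (uint8_t)(declared >> 24); file[5] = (uint8_t)(declared >> 16);
    file[6] = (uint8_t)(declared >> 8);  file[7] = (uint8_t)declared;
    memcpy(file + REC_HDR_LEN, "\x01\x03\x0c\x00", 4);
    return read_record(&s, buf, sizeof(buf));
}
```

Both rejection paths matter: a length larger than the buffer would overflow it, and a length larger than the remaining file would otherwise be trusted for later parsing.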
Comment 3 Swamp Workflow Management 2016-12-12 23:01:53 UTC
bugbot adjusting priority
Comment 10 Swamp Workflow Management 2019-05-24 19:14:02 UTC
SUSE-SU-2019:1339-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013708,1013712,1013893,1015171,1015173
CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917,CVE-2016-9918
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Server 12-SP4 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Server 12-SP3 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    bluez-5.13-5.12.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    bluez-5.13-5.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2019-05-24 19:21:44 UTC
SUSE-SU-2019:1353-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013708,1013712,1013893,1015171
CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    bluez-5.48-5.16.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    bluez-5.48-5.16.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    bluez-5.48-5.16.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    bluez-5.48-5.16.1

Comment 12 Swamp Workflow Management 2019-05-30 10:19:11 UTC
openSUSE-SU-2019:1476-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013708,1013712,1013893,1015171
CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917
Sources used:
openSUSE Leap 15.1 (src):    bluez-5.48-lp151.8.3.1
openSUSE Leap 15.0 (src):    bluez-5.48-lp150.4.13.1
Comment 14 Swamp Workflow Management 2019-10-18 19:23:22 UTC
SUSE-SU-2019:1353-2: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1013708,1013712,1013893,1015171
CVE References: CVE-2016-9797,CVE-2016-9798,CVE-2016-9802,CVE-2016-9917
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    bluez-5.48-5.16.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    bluez-5.48-5.16.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    bluez-5.48-5.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    bluez-5.48-5.16.1
