Blue SDK Service Discovery Profile Buffer Overrun Vulnerability
OpenSynergy Advisory ID: BlueSDK – 2018-003
Summary

A vulnerability has been discovered in Blue SDK software and has been assigned the CVE-2018-20378 identifier. Successful exploitation will result in a Denial-of-Service condition affecting the connected Bluetooth devices. There is a potential for remote code execution but we were unable to reproduce this behaviour in our testing.

The vulnerability affects the following Blue SDK releases: 3.2, 4.x, 5.0 through 5.5.3, and 6.0. The remedy for this vulnerability has been developed and is available. In order to address the vulnerability, Blue SDK customers should either apply the remedy to the source code or use Blue SDK code where the remedy has already been applied. If you are using an earlier release of Blue SDK please contact OpenSynergy to determine what steps to take.

This vulnerability was reported to us by Cymotive Technologies.

This advisory is available at:

English: https://www.opensynergy.com/news/security/bluesdk-advisory2018003/

German: https://www.opensynergy.com/de/news/security/bluesdk-advisory2018003
Affected Software

Blue SDK 3.2, all versions of Blue SDK 4.x, Blue SDK 5.0 through Blue SDK 5.5.3, and Blue SDK 6.0 are affected. Blue SDK 5.5.4 and Blue SDK 6.0.1 are not affected.

Earlier versions of Blue SDK may also be affected. If you are using an earlier release of Blue SDK, please contact OpenSynergy.

To determine which version of Blue SDK you are using, check the BT_STACK_VERSION value in btconfig.h. (For example, #define BT_STACK_VERSION 551 indicates Blue SDK version 5.5.1.)
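The following script is an added example, not part of this advisory or of the Blue SDK code, showing how to automate that check across a fleet of builds: it reads the BT_STACK_VERSION define out of a btconfig.h file and classifies the result against the affected-version list given above. It assumes that each decimal digit of BT_STACK_VERSION is one version component (the advisory documents 551 as 5.5.1; the same encoding is assumed for 32 as 3.2 and 601 as 6.0.1), and the header text embedded below is a constructed sample, not a real btconfig.h.

```python
import re
from typing import Optional, Tuple

# Constructed sample of a btconfig.h excerpt (assumption: the real file contains
# many other defines; only BT_STACK_VERSION is relevant to this check).
SAMPLE_BTCONFIG_H = """
/* constructed sample, not the real btconfig.h */
#define BT_STACK_VERSION 551
#define SOME_OTHER_OPTION 1
"""

_VERSION_RE = re.compile(r"^\s*#\s*define\s+BT_STACK_VERSION\s+(\d+)\b", re.MULTILINE)


def parse_stack_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Extract BT_STACK_VERSION and split it into components, e.g. 551 -> (5, 5, 1).

    Assumption: one decimal digit per component, as in the advisory's example.
    Returns None when no BT_STACK_VERSION define is present.
    """
    match = _VERSION_RE.search(header_text)
    if match is None:
        return None
    return tuple(int(digit) for digit in match.group(1))


def classify(version: Tuple[int, ...]) -> str:
    """Map a version tuple onto the advisory's statements.

    'affected'     : 3.2, 4.x, 5.0 through 5.5.3, 6.0
    'not_affected' : 5.5.4, 6.0.1 (the releases the advisory names as fixed)
    'unknown'      : anything the advisory does not explicitly cover
                     (earlier releases: contact OpenSynergy)
    """
    # Pad to major.minor.patch so that (6, 0) and (6, 0, 0) compare equal.
    v = tuple(version) + (0,) * (3 - len(version))
    major = v[0]
    if v < (3, 2, 0):
        return "unknown"
    if major == 3:
        return "affected" if v[:2] == (3, 2) else "unknown"
    if major == 4:
        return "affected"
    if major == 5:
        if v <= (5, 5, 3):
            return "affected"
        return "not_affected" if v == (5, 5, 4) else "unknown"
    if major == 6:
        if v == (6, 0, 0):
            return "affected"
        return "not_affected" if v == (6, 0, 1) else "unknown"
    return "unknown"


def check_btconfig(header_text: str) -> str:
    """One-call helper: parse the header and classify, 'no_version' if absent."""
    version = parse_stack_version(header_text)
    if version is None:
        return "no_version"
    return classify(version)


if __name__ == "__main__":
    found = parse_stack_version(SAMPLE_BTCONFIG_H)
    print("BT_STACK_VERSION components:", found)
    print("CVE-2018-20378 status:", check_btconfig(SAMPLE_BTCONFIG_H))
```

To run it against a real build tree, replace SAMPLE_BTCONFIG_H with the contents of your btconfig.h; a result of "unknown" means the advisory does not state a position for that release and OpenSynergy should be contacted as described below.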
Details

For a system to be vulnerable, an affected version of Blue SDK must also have certain configuration settings that would allow an attacker to access the vulnerability.

The successful exploitation of the vulnerability involves setting an invalid L2CAP configuration parameter value, which allows the attacker to overwrite memory using the Service Discovery Protocol (SDP).

The attacker does not have to pair/bond with the vulnerable system in order to trigger the vulnerability but must be within Bluetooth range of the vulnerable system and be able to establish communication to it.

Successful exploitation will lead to a Denial-of-Service condition affecting the connected Bluetooth devices.
Fixed Software and Availability

Remedies have been created and are available for each of the affected versions listed above. These remedies can be requested by going to https://support.opensynergy.com or sending email to bluesdk@opensynergy.com with the version of Blue SDK used.

Earlier versions of Blue SDK may also be impacted; if you are using an earlier version, please contact OpenSynergy directly. See the contact information below.
Exploitation and Public Announcements

We are not aware of any malicious use of the vulnerability described in this advisory.
Contact

If you have questions or need additional information, we encourage you to contact OpenSynergy support (https://support.opensynergy.com), your OpenSynergy account manager or the OpenSynergy distributor in your geographic region (https://www.opensynergy.com/contact/).

You may also direct technical questions and technical support inquiries to https://support.opensynergy.com, or email bluesdk@opensynergy.com.
Revision History

Version | Date              | Description
--------|-------------------|----------------
1.0     | 2019-February-25  | Initial release