This Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization, resulting in arbitrary code execution as root. This module has been tested successfully with blueman version 1.23 on Debian 8 Jessie (x64).
85a43e99c894940e1f5253b2c619f91dc4dfc4fda5382f9ab944cf794316f8d4
Slackware Security Advisory - New blueman packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
b81045c1c59f38a66a84e2269eace9046fe6f3ef352261ce1b8ae44564a998ef