what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2020-15238

Status Candidate

Overview

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.

Related Files

Gentoo Linux Security Advisory 202011-11
Posted Nov 11, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202011-11 - A privilege escalation vulnerability has been discovered in Blueman. Versions less than 2.1.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2020-15238
SHA-256 | d1a319518d23072df82ddb23e7ac8498b8ce75a7ced766173d542640e3bbaadc
Ubuntu Security Notice USN-4605-2
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-2 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
SHA-256 | a002dc8f38994b9b14e4c9d270098dbd18203170e58487b85174d6fd4cf21c4c
Debian Security Advisory 4781-1
Posted Oct 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4781-1 - Vaisha Bernard discovered that Blueman, a graphical bluetooth manager performed insufficient validation on a D-Bus interface, which could result in denial of service or privilege escalation.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2020-15238
SHA-256 | fca192b68db8419079766f9d06d616f92440e97aeb33c47eec3d8b3cef6d270c
Blueman Local Root / Privilege Escalation
Posted Oct 28, 2020
Authored by Vaisha Bernard

Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.

tags | exploit, local, root
advisories | CVE-2020-15238
SHA-256 | ad12e1f52e4713a386324b965386aa1a9020999aa33360fe64eedb3b1faaaecf
Ubuntu Security Notice USN-4605-1
Posted Oct 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-1 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
SHA-256 | f4e1c94bc5fad949b633aad9b1d3ff52fc89d9c44561afe0d76705f447f7d736
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close