exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

CVE-2020-26558

Status Candidate

Overview

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

Related Files

Ubuntu Security Notice USN-5018-1
Posted Jul 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5018-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909
MD5 | 5689144ce247f58cfe35aa8184a61e3f
Ubuntu Security Notice USN-5017-1
Posted Jul 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5017-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-33909
MD5 | 0873c6cc3ecce256f668e9fe41464f0e
Ubuntu Security Notice USN-4989-2
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153
MD5 | cc5458351241b8662dc901aa7976092e
Ubuntu Security Notice USN-4989-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153, CVE-2021-3588
MD5 | 9bddaf7808213fef5017a3935246b0ca
Page 1 of 1
Back1Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close