what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2023-45866

Status Candidate

Overview

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Related Files

Gentoo Linux Security Advisory 202401-03
Posted Jan 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2023-45866
SHA-256 | 00bcf7d7f39e7957ade6ec3d65eccb58e969676ea0a1c77b50884d272960344f
Debian Security Advisory 5584-1
Posted Dec 22, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.

tags | advisory
systems | linux, debian
advisories | CVE-2023-45866
SHA-256 | c60c03d128a6806b3f8d0e7cf027c5d53155058c8e252594daf8af61d204802d
Apple Security Advisory 12-11-2023-2
Posted Dec 13, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.

tags | advisory, spoof, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-42883, CVE-2023-42884, CVE-2023-42890, CVE-2023-42897, CVE-2023-42898, CVE-2023-42899, CVE-2023-42914, CVE-2023-42919, CVE-2023-42922, CVE-2023-42923, CVE-2023-42927, CVE-2023-45866
SHA-256 | 0438f0a9537e5a05a2fce86952d5d7e45b1197dfffe609685a02eb3c1566aa69
Ubuntu Security Notice USN-6540-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-45866
SHA-256 | 8a870ceb8e8b80fecb7bdf6531423f8e70b239e9839c50be042ab87d8f8c36d4
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close