Vulnerabilities > CVE-2018-10910

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
bluez
canonical
nessus

Summary

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Vulnerable Configurations

Part Description Count
Application
Bluez
154
OS
Canonical
1

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1101.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1101 advisory. - bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135337
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135337
    titleCentOS 7 : bluez (CESA-2020:1101)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:1101 and 
    # CentOS Errata and Security Advisory 2020:1101 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135337);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2018-10910");
      script_xref(name:"RHSA", value:"2020:1101");
    
      script_name(english:"CentOS 7 : bluez (CESA-2020:1101)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1101 advisory.
    
      - bluez: failure in disabling Bluetooth discoverability in
        certain cases may lead to the unauthorized pairing of
        Bluetooth devices (CVE-2018-10910)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012418.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3b931fd9"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected bluez packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10910");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bluez-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bluez-hid2hci");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bluez-libs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bluez-5.44-6.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bluez-cups-5.44-6.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bluez-hid2hci-5.44-6.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bluez-libs-5.44-6.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bluez-libs-devel-5.44-6.el7")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez / bluez-cups / bluez-hid2hci / bluez-libs / bluez-libs-devel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1101.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1101 advisory. - bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-31
    plugin id135034
    published2020-03-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135034
    titleRHEL 7 : bluez (RHSA-2020:1101)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1101. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135034);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2018-10910");
      script_xref(name:"RHSA", value:"2020:1101");
    
      script_name(english:"RHEL 7 : bluez (RHSA-2020:1101)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1101 advisory.
    
      - bluez: failure in disabling Bluetooth discoverability in
        certain cases may lead to the unauthorized pairing of
        Bluetooth devices (CVE-2018-10910)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/863.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1101");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-10910");
      script_set_attribute(attribute:"solution", value:
    "Update the affected bluez-libs and / or bluez-libs-devel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10910");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(863);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-hid2hci");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-libs-devel");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'bluez-libs-5.44-6.el7', 'cpu':'i686', 'release':'7'},
        {'reference':'bluez-libs-5.44-6.el7', 'cpu':'s390', 'release':'7'},
        {'reference':'bluez-libs-5.44-6.el7', 'cpu':'s390x', 'release':'7'},
        {'reference':'bluez-libs-5.44-6.el7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'bluez-libs-devel-5.44-6.el7', 'cpu':'i686', 'release':'7'},
        {'reference':'bluez-libs-devel-5.44-6.el7', 'cpu':'s390', 'release':'7'},
        {'reference':'bluez-libs-devel-5.44-6.el7', 'cpu':'s390x', 'release':'7'},
        {'reference':'bluez-libs-devel-5.44-6.el7', 'cpu':'x86_64', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bluez-libs / bluez-libs-devel');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1912.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1912 advisory. - bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-28
    plugin id136060
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136060
    titleRHEL 8 : bluez (RHSA-2020:1912)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1912. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136060);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29");
    
      script_cve_id("CVE-2018-10910");
      script_xref(name:"RHSA", value:"2020:1912");
    
      script_name(english:"RHEL 8 : bluez (RHSA-2020:1912)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1912 advisory.
    
      - bluez: failure in disabling Bluetooth discoverability in
        certain cases may lead to the unauthorized pairing of
        Bluetooth devices (CVE-2018-10910)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/863.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1912");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-10910");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1606203");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10910");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(863);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::crb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8::baseos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-hid2hci");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bluez-obexd");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'bluez-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-5.50-3.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'bluez-cups-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-cups-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-cups-5.50-3.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'bluez-debugsource-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-debugsource-5.50-3.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'bluez-debugsource-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-debugsource-5.50-3.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'bluez-hid2hci-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-hid2hci-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-hid2hci-5.50-3.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'bluez-libs-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-libs-5.50-3.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'bluez-libs-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-libs-5.50-3.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'bluez-libs-devel-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-libs-devel-5.50-3.el8', 'cpu':'i686', 'release':'8'},
        {'reference':'bluez-libs-devel-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-libs-devel-5.50-3.el8', 'cpu':'x86_64', 'release':'8'},
        {'reference':'bluez-obexd-5.50-3.el8', 'cpu':'aarch64', 'release':'8'},
        {'reference':'bluez-obexd-5.50-3.el8', 'cpu':'s390x', 'release':'8'},
        {'reference':'bluez-obexd-5.50-3.el8', 'cpu':'x86_64', 'release':'8'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bluez / bluez-cups / bluez-debugsource / etc');
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_BLUEZ_ON_SL7_X.NASL
    description* bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
    last seen2020-04-30
    modified2020-04-21
    plugin id135802
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135802
    titleScientific Linux Security Update : bluez on SL7.x x86_64 (20200407)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135802);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");
    
      script_cve_id("CVE-2018-10910");
    
      script_name(english:"Scientific Linux Security Update : bluez on SL7.x x86_64 (20200407)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "* bluez: failure in disabling Bluetooth discoverability in certain
    cases may lead to the unauthorized pairing of Bluetooth devices"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=11598
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27f05272"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bluez-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bluez-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bluez-hid2hci");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bluez-libs-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bluez-5.44-6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bluez-cups-5.44-6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bluez-debuginfo-5.44-6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bluez-hid2hci-5.44-6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bluez-libs-5.44-6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bluez-libs-devel-5.44-6.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez / bluez-cups / bluez-debuginfo / bluez-hid2hci / bluez-libs / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3856-1.NASL
    descriptionChris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-15
    plugin id121186
    published2019-01-15
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121186
    titleUbuntu 18.04 LTS : gnome-bluetooth vulnerability (USN-3856-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3856-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121186);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-10910");
      script_xref(name:"USN", value:"3856-1");
    
      script_name(english:"Ubuntu 18.04 LTS : gnome-bluetooth vulnerability (USN-3856-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chris Marchesi discovered that BlueZ incorrectly handled disabling
    Bluetooth visibility. A remote attacker could possibly pair to
    devices, contrary to expectations. This update adds a workaround to
    GNOME Bluetooth to fix the issue.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3856-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected gnome-bluetooth and / or libgnome-bluetooth13
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnome-bluetooth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgnome-bluetooth13");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.04", pkgname:"gnome-bluetooth", pkgver:"3.28.0-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libgnome-bluetooth13", pkgver:"3.28.0-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-bluetooth / libgnome-bluetooth13");
    }
    

Redhat

advisories
  • bugzilla
    id1606203
    titleCVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentbluez-libs is earlier than 0:5.44-6.el7
            ovaloval:com.redhat.rhsa:tst:20201101001
          • commentbluez-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685014
        • AND
          • commentbluez is earlier than 0:5.44-6.el7
            ovaloval:com.redhat.rhsa:tst:20201101003
          • commentbluez is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685012
        • AND
          • commentbluez-libs-devel is earlier than 0:5.44-6.el7
            ovaloval:com.redhat.rhsa:tst:20201101005
          • commentbluez-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685008
        • AND
          • commentbluez-hid2hci is earlier than 0:5.44-6.el7
            ovaloval:com.redhat.rhsa:tst:20201101007
          • commentbluez-hid2hci is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685018
        • AND
          • commentbluez-cups is earlier than 0:5.44-6.el7
            ovaloval:com.redhat.rhsa:tst:20201101009
          • commentbluez-cups is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685006
    rhsa
    idRHSA-2020:1101
    released2020-03-31
    severityLow
    titleRHSA-2020:1101: bluez security update (Low)
  • bugzilla
    id1606203
    titleCVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentbluez-debugsource is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912001
          • commentbluez-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20201912002
        • AND
          • commentbluez-cups is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912003
          • commentbluez-cups is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685006
        • AND
          • commentbluez-obexd is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912005
          • commentbluez-obexd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20201912006
        • AND
          • commentbluez-libs is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912007
          • commentbluez-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685014
        • AND
          • commentbluez-hid2hci is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912009
          • commentbluez-hid2hci is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685018
        • AND
          • commentbluez is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912011
          • commentbluez is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685012
        • AND
          • commentbluez-libs-devel is earlier than 0:5.50-3.el8
            ovaloval:com.redhat.rhsa:tst:20201912013
          • commentbluez-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20172685008
    rhsa
    idRHSA-2020:1912
    released2020-04-28
    severityLow
    titleRHSA-2020:1912: bluez security update (Low)
rpms
  • bluez-0:5.44-6.el7
  • bluez-cups-0:5.44-6.el7
  • bluez-debuginfo-0:5.44-6.el7
  • bluez-hid2hci-0:5.44-6.el7
  • bluez-libs-0:5.44-6.el7
  • bluez-libs-devel-0:5.44-6.el7
  • bluez-0:5.50-3.el8
  • bluez-cups-0:5.50-3.el8
  • bluez-cups-debuginfo-0:5.50-3.el8
  • bluez-debuginfo-0:5.50-3.el8
  • bluez-debugsource-0:5.50-3.el8
  • bluez-hid2hci-0:5.50-3.el8
  • bluez-hid2hci-debuginfo-0:5.50-3.el8
  • bluez-libs-0:5.50-3.el8
  • bluez-libs-debuginfo-0:5.50-3.el8
  • bluez-libs-devel-0:5.50-3.el8
  • bluez-obexd-0:5.50-3.el8
  • bluez-obexd-debuginfo-0:5.50-3.el8