CVE-2020-0556
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: LOW
Summary
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-2240.NASL
description: It was reported that the BlueZ
last seen: 2020-06-13
modified: 2020-06-10
plugin id: 137282
published: 2020-06-10
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137282
title: Debian DLA-2240-1 : bluez security update
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2240-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(137282);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

      script_cve_id("CVE-2020-0556");

      script_name(english:"Debian DLA-2240-1 : bluez security update");
      script_summary(english:"Checks dpkg output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was reported that the BlueZ's HID and HOGP profile implementations
    don't specifically require bonding between the device and the host.
    Malicious devices can take advantage of this flaw to connect to a
    target host and impersonate an existing HID device without security or
    to cause an SDP or GATT service discovery to take place which would
    allow HID reports to be injected to the input subsystem from a
    non-bonded source. For the HID profile an new configuration option
    (ClassicBondedOnly) is introduced to make sure that input connections
    only come from bonded device connections. The options defaults to
    'false' to maximize device compatibility.
    Note that as a result of the significant changes between the previous
    version in Jessie (based on upstream release 5.23) and the available
    patches to address this vulnerability, it was decided that a backport
    of the bluez package from Debian 9 'Stretch' was the only viable way
    to address the referenced vulnerability. For Debian 8 'Jessie', this
    problem has been fixed in version 5.43-2+deb9u2~deb8u1. We recommend
    that you upgrade your bluez packages. NOTE: Tenable Network Security
    has extracted the preceding description block directly from the DLA
    security advisory. Tenable has attempted to automatically clean and
    format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/bluez"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluetooth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez-cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez-hcidump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez-obexd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez-test-scripts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbluetooth-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbluetooth3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbluetooth3-dbg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

      script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"8.0", prefix:"bluetooth", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"bluez", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"bluez-cups", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"bluez-dbg", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"bluez-hcidump", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"bluez-obexd", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"bluez-test-scripts", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libbluetooth-dev", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libbluetooth3", reference:"5.43-2+deb9u2~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libbluetooth3-dbg", reference:"5.43-2+deb9u2~deb8u1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-4311-1.NASL
description: It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7837). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-04-30
modified: 2020-03-31
plugin id: 135027
published: 2020-03-31
reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135027
title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : bluez vulnerabilities (USN-4311-1)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4311-1. The text
    # itself is copyright (C) Canonical, Inc. See
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
    # trademark of Canonical, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(135027);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28");

      script_cve_id("CVE-2016-7837", "CVE-2020-0556");
      script_xref(name:"USN", value:"4311-1");

      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : bluez vulnerabilities (USN-4311-1)");
      script_summary(english:"Checks dpkg output for updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that BlueZ incorrectly handled bonding HID and HOGP
    devices. A local attacker could possibly use this issue to impersonate
    non-bonded devices. (CVE-2020-0556) It was discovered that BlueZ
    incorrectly handled certain commands. A local attacker could use this
    issue to cause BlueZ to crash, resulting in a denial of service, or
    possibly execute arbitrary code. This issue only affected Ubuntu 16.04
    LTS. (CVE-2016-7837). Note that Tenable Network Security has extracted
    the preceding description block directly from the Ubuntu security
    advisory. Tenable has attempted to automatically clean and format it
    as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4311-1/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected bluez and / or libbluetooth3 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0556");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbluetooth3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");

    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

    flag = 0;
    if (ubuntu_check(osver:"16.04", pkgname:"bluez", pkgver:"5.37-0ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libbluetooth3", pkgver:"5.37-0ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"bluez", pkgver:"5.48-0ubuntu3.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libbluetooth3", pkgver:"5.48-0ubuntu3.4")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"bluez", pkgver:"5.50-0ubuntu5.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libbluetooth3", pkgver:"5.50-0ubuntu5.1")) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez / libbluetooth3");
    }

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4647.NASL
description: It was reported that the BlueZ
last seen: 2020-04-30
modified: 2020-03-30
plugin id: 134984
published: 2020-03-30
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/134984
title: Debian DSA-4647-1 : bluez - security update
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-4647. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(134984);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28");

      script_cve_id("CVE-2020-0556");
      script_xref(name:"DSA", value:"4647");

      script_name(english:"Debian DSA-4647-1 : bluez - security update");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was reported that the BlueZ's HID and HOGP profile implementations
    don't specifically require bonding between the device and the host.
    Malicious devices can take advantage of this flaw to connect to a
    target host and impersonate an existing HID device without security or
    to cause an SDP or GATT service discovery to take place which would
    allow HID reports to be injected to the input subsystem from a
    non-bonded source. For the HID profile an new configuration option
    (ClassicBondedOnly) is introduced to make sure that input connections
    only come from bonded device connections. The options defaults to
    'false' to maximize device compatibility."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/bluez"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/bluez"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/buster/bluez"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2020/dsa-4647"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the bluez packages. For the oldstable distribution (stretch),
    this problem has been fixed in version 5.43-2+deb9u2. For the stable
    distribution (buster), this problem has been fixed in version
    5.50-1.2~deb10u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0556");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bluez");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

      script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"10.0", prefix:"bluetooth", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bluez", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bluez-cups", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bluez-hcidump", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bluez-obexd", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bluez-test-scripts", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bluez-test-tools", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libbluetooth-dev", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libbluetooth3", reference:"5.50-1.2~deb10u1")) flag++;
    if (deb_check(release:"9.0", prefix:"bluetooth", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez-cups", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez-dbg", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez-hcidump", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez-obexd", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez-test-scripts", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"bluez-test-tools", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libbluetooth-dev", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libbluetooth3", reference:"5.43-2+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libbluetooth3-dbg", reference:"5.43-2+deb9u2")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1594.NASL
description: According to the version of the bluez packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access(CVE-2020-0556) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-06
modified: 2020-06-02
plugin id: 137012
published: 2020-06-02
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137012
title: EulerOS 2.0 SP5 : bluez (EulerOS-SA-2020-1594)
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(137012);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");

      script_cve_id(
        "CVE-2020-0556"
      );

      script_name(english:"EulerOS 2.0 SP5 : bluez (EulerOS-SA-2020-1594)");
      script_summary(english:"Checks the rpm output for the updated package.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the bluez packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability : - Improper access control in subsystem for BlueZ
    before version 5.54 may allow an unauthenticated user to potentially
    enable escalation of privilege and denial of service via adjacent
    access(CVE-2020-0556) Note that Tenable Network Security has extracted
    the preceding description block directly from the EulerOS security
    advisory. Tenable has attempted to automatically clean and format it
    as much as possible without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1594
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a856e7d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected bluez package.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bluez");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bluez-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

    flag = 0;

    pkgs = ["bluez-5.44-4.h1.eulerosv2r7",
            "bluez-libs-5.44-4.h1.eulerosv2r7"];

    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bluez");
    }

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-202003-49.NASL
description: The remote host is affected by the vulnerability described in GLSA-202003-49 (BlueZ: Security bypass) It was discovered that the HID and HOGP profiles implementations in BlueZ did not specifically require bonding between the device and the host. Impact : A remote attacker with adjacent access could impersonate an existing HID device, cause a Denial of Service condition or escalate privileges. Workaround : There is no known workaround at this time.
last seen: 2020-04-30
modified: 2020-03-26
plugin id: 134924
published: 2020-03-26
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/134924
title: GLSA-202003-49 : BlueZ: Security bypass
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-49.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(134924);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28");

      script_cve_id("CVE-2020-0556");
      script_xref(name:"GLSA", value:"202003-49");

      script_name(english:"GLSA-202003-49 : BlueZ: Security bypass");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in
    GLSA-202003-49 (BlueZ: Security bypass) It was discovered that the HID
    and HOGP profiles implementations in BlueZ did not specifically
    require bonding between the device and the host. Impact : A remote
    attacker with adjacent access could impersonate an existing HID
    device, cause a Denial of Service condition or escalate privileges.
    Workaround : There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-49"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "All BlueZ users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-wireless/bluez-5.54'"
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0556");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bluez");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"net-wireless/bluez", unaffected:make_list("ge 5.54"), vulnerable:make_list("lt 5.54"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BlueZ");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0918-1.NASL
description: This update for bluez fixes the following issues : CVE-2020-0556: Fixed an improper access control which could have allowed an unauthenticated user to potentially enable escalation of privilege and denial of service (bsc#1166751). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-04-30
modified: 2020-04-06
plugin id: 135226
published: 2020-04-06
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135226
title: SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2020:0918-1)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2020-3_0-0073_BLUEZ.NASL
description: An update of the bluez package has been released.
last seen: 2020-04-30
modified: 2020-04-12
plugin id: 135402
published: 2020-04-12
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135402
title: Photon OS 3.0: Bluez PHSA-2020-3.0-0073

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2020-479.NASL
description: This update for bluez fixes the following issues : - CVE-2020-0556: Fixed an improper access control which could have allowed an unauthenticated user to potentially enable escalation of privilege and denial of service (bsc#1166751). This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-04-30
modified: 2020-04-10
plugin id: 135383
published: 2020-04-10
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135383
title: openSUSE Security Update : bluez (openSUSE-2020-479)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1539.NASL
description: According to the version of the bluez package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access(CVE-2020-0556) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2020-05-01
plugin id: 136242
published: 2020-05-01
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136242
title: EulerOS Virtualization for ARM 64 3.0.2.0 : bluez (EulerOS-SA-2020-1539)

References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
- https://security.gentoo.org/glsa/202003-49
- https://www.debian.org/security/2020/dsa-4647
- https://usn.ubuntu.com/4311-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html