Arch Linux Security Advisory ASA-202003-13
=========================================
Severity: High
Date    : 2020-03-19
CVE-ID  : CVE-2020-0556
Package : bluez
Type    : access restriction bypass
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1116

Summary
======
The package bluez before version 5.54-1 is vulnerable to access
restriction bypass.

Resolution
=========
Upgrade to 5.54-1.

# pacman -Syu "bluez>=5.54-1"

The problem has been fixed upstream in version 5.54.

Workaround
=========
None.

Description
==========
It was discovered that the HID and HOGP profiles implementations in
bluez before 5.54 don't specifically require bonding between the device
and the host. This creates an opportunity for a malicious device to
connect to a target host to either impersonate an existing HID device
without security or to cause an SDP or GATT service discovery to take
place which would allow HID reports to be injected to the input
subsystem from a non-bonded source.
This potentially enables an unauthenticated attacker with adjacent
access to impersonate an existing HID device, cause a denial of service
or escalate privileges.

Impact
=====
An unauthenticated attacker with adjacent access can impersonate an
existing HID device, or cause a denial of service.

References
=========
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
https://www.openwall.com/lists/oss-security/2020/03/12/4
https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
https://patchwork.kernel.org/project/bluetooth/patch/20200310023516.209146-2-alainm@chromium.org/
https://patchwork.kernel.org/project/bluetooth/patch/20200310023516.209146-3-alainm@chromium.org/
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
https://security.archlinux.org/CVE-2020-0556

ArchLinux: 202003-13: bluez: access restriction bypass

March 20, 2020

Summary

It was discovered that the HID and HOGP profiles implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. This potentially enables an unauthenticated attacker with adjacent access to impersonate an existing HID device, cause a denial of service or escalate privileges.

Resolution

Upgrade to 5.54-1. # pacman -Syu "bluez>=5.54-1"
The problem has been fixed upstream in version 5.54.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html https://www.openwall.com/lists/oss-security/2020/03/12/4 https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/ https://patchwork.kernel.org/project/bluetooth/patch/20200310023516.209146-2-alainm@chromium.org/ https://patchwork.kernel.org/project/bluetooth/patch/20200310023516.209146-3-alainm@chromium.org/ https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787 https://security.archlinux.org/CVE-2020-0556

Severity
Package : bluez
Type : access restriction bypass
Remote : Yes
Link : https://security.archlinux.org/AVG-1116

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved