Mageia: 2021-0281 Moderate: Bluez Man-In-The-Middle Attack Fix
mageia
June 23, 2021
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing ...
Summary
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1
through 5.2 may permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing (in the Passkey authentication procedure) by
reflection of the public key and the authentication evidence of the initiating
device, potentially permitting this attacker to complete authenticated pairing
with the responding device using the correct Passkey for the pairing session.
The attack methodology determines the Passkey value one bit at a time
(CVE-2020-26558).
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds
checks on the 'offset' variable before using it as an index into an array for
reading (CVE-2021-3588).
References
- https://bugs.mageia.org/show_bug.cgi?id=29140
- https://ubuntu.com/security/notices/USN-4989-1
- https://www.cve.org/CVERecord?id=CVE-2020-26558
- https://www.cve.org/CVERecord?id=CVE-2021-3588
Resolution
SRPMS
- 7/core/bluez-5.54-1.2.mga7
- 8/core/bluez-5.55-3.1.mga8
PREVIOUS
NEXT
Publication date: 23 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0281.html
Type: security
CVE: CVE-2020-26558,
CVE-2021-3588
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!