Vulnerabilites related to blueman_project - blueman
CVE-2015-8612 (GCVE-0-2015-8612)
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/79688 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2015/dsa-3427 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.exploit-db.com/exploits/46186/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085 | vendor-advisory, x_refsource_SLACKWARE | |
| https://twitter.com/thegrugq/status/677809527882813440 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/12/18/6 | mailing-list, x_refsource_MLIST | |
| https://github.com/blueman-project/blueman/issues/416 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/12/19/1 | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html | x_refsource_MISC | |
| https://github.com/blueman-project/blueman/releases/tag/2.0.3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79688",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79688"
},
{
"name": "DSA-3427",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3427"
},
{
"name": "46186",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46186/"
},
{
"name": "SSA:2015-356-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.421085"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/thegrugq/status/677809527882813440"
},
{
"name": "[oss-security] 20151218 CVE request: Blueman: Privilege escalation in blueman dbus API",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blueman-project/blueman/issues/416"
},
{
"name": "[oss-security] 20151218 Re: CVE request: Blueman: Privilege escalation in blueman dbus API",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/19/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blueman-project/blueman/releases/tag/2.0.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "79688",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79688"
},
{
"name": "DSA-3427",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3427"
},
{
"name": "46186",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46186/"
},
{
"name": "SSA:2015-356-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.421085"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/thegrugq/status/677809527882813440"
},
{
"name": "[oss-security] 20151218 CVE request: Blueman: Privilege escalation in blueman dbus API",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blueman-project/blueman/issues/416"
},
{
"name": "[oss-security] 20151218 Re: CVE request: Blueman: Privilege escalation in blueman dbus API",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/19/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blueman-project/blueman/releases/tag/2.0.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79688"
},
{
"name": "DSA-3427",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3427"
},
{
"name": "46186",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46186/"
},
{
"name": "SSA:2015-356-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.421085"
},
{
"name": "https://twitter.com/thegrugq/status/677809527882813440",
"refsource": "MISC",
"url": "https://twitter.com/thegrugq/status/677809527882813440"
},
{
"name": "[oss-security] 20151218 CVE request: Blueman: Privilege escalation in blueman dbus API",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/6"
},
{
"name": "https://github.com/blueman-project/blueman/issues/416",
"refsource": "CONFIRM",
"url": "https://github.com/blueman-project/blueman/issues/416"
},
{
"name": "[oss-security] 20151218 Re: CVE request: Blueman: Privilege escalation in blueman dbus API",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/19/1"
},
{
"name": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html"
},
{
"name": "https://github.com/blueman-project/blueman/releases/tag/2.0.3",
"refsource": "CONFIRM",
"url": "https://github.com/blueman-project/blueman/releases/tag/2.0.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-8612",
"datePublished": "2016-01-08T19:00:00",
"dateReserved": "2015-12-18T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15238 (GCVE-0-2020-15238)
Vulnerability from cvelistv5
Published
2020-10-27 19:00
Modified
2024-08-04 13:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blueman-project | blueman |
Version: < 2.1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:23.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blueman-project/blueman/releases/tag/2.1.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287"
},
{
"name": "DSA-4781",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4781"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html"
},
{
"name": "[debian-lts-announce] 20201103 [SECURITY] [DLA 2430-1] blueman security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html"
},
{
"name": "FEDORA-2020-7c22b25a07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/"
},
{
"name": "FEDORA-2020-ebabb6bf76",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/"
},
{
"name": "FEDORA-2020-e083225fa1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/"
},
{
"name": "GLSA-202011-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "blueman",
"vendor": "blueman-project",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:21",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blueman-project/blueman/releases/tag/2.1.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287"
},
{
"name": "DSA-4781",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4781"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html"
},
{
"name": "[debian-lts-announce] 20201103 [SECURITY] [DLA 2430-1] blueman security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html"
},
{
"name": "FEDORA-2020-7c22b25a07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/"
},
{
"name": "FEDORA-2020-ebabb6bf76",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/"
},
{
"name": "FEDORA-2020-e083225fa1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/"
},
{
"name": "GLSA-202011-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-11"
}
],
"source": {
"advisory": "GHSA-jpc9-mgw6-2xwx",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation Blueman",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15238",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation Blueman"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "blueman",
"version": {
"version_data": [
{
"version_value": "\u003c 2.1.4"
}
]
}
}
]
},
"vendor_name": "blueman-project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx",
"refsource": "CONFIRM",
"url": "https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx"
},
{
"name": "https://github.com/blueman-project/blueman/releases/tag/2.1.4",
"refsource": "MISC",
"url": "https://github.com/blueman-project/blueman/releases/tag/2.1.4"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287"
},
{
"name": "DSA-4781",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4781"
},
{
"name": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html"
},
{
"name": "[debian-lts-announce] 20201103 [SECURITY] [DLA 2430-1] blueman security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html"
},
{
"name": "FEDORA-2020-7c22b25a07",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/"
},
{
"name": "FEDORA-2020-ebabb6bf76",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/"
},
{
"name": "FEDORA-2020-e083225fa1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/"
},
{
"name": "GLSA-202011-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-11"
}
]
},
"source": {
"advisory": "GHSA-jpc9-mgw6-2xwx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15238",
"datePublished": "2020-10-27T19:00:20",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:23.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blueman_project | blueman | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blueman_project:blueman:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40FA878B-929D-478E-B70C-FB59641370EC",
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument."
},
{
"lang": "es",
"value": "El m\u00e9todo EnableNetwork en la clase Network en plugins/mechanism/Network.py en Blueman en versiones anteriores a 2.0.3 permite a usuarios locales obtener privilegios a trav\u00e9s del argumento dhcp_handler."
}
],
"id": "CVE-2015-8612",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T19:59:16.350",
"references": [
{
"source": "security@debian.org",
"url": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3427"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/6"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/19/1"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/79688"
},
{
"source": "security@debian.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.421085"
},
{
"source": "security@debian.org",
"url": "https://github.com/blueman-project/blueman/issues/416"
},
{
"source": "security@debian.org",
"url": "https://github.com/blueman-project/blueman/releases/tag/2.0.3"
},
{
"source": "security@debian.org",
"url": "https://twitter.com/thegrugq/status/677809527882813440"
},
{
"source": "security@debian.org",
"url": "https://www.exploit-db.com/exploits/46186/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.421085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/blueman-project/blueman/issues/416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/blueman-project/blueman/releases/tag/2.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/thegrugq/status/677809527882813440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/46186/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-27 19:15
Modified
2024-11-21 05:05
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blueman_project | blueman | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blueman_project:blueman:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9B46B2-63AD-4EB8-B031-585524C1E7F3",
"versionEndExcluding": "2.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules."
},
{
"lang": "es",
"value": "Blueman es un GTK+ Bluetooth Manager.\u0026#xa0;En Blueman versiones anteriores a 2.1.4, el m\u00e9todo DhcpClient de la interfaz D-Bus en el mecanismo blueman es propenso a una vulnerabilidad de inyecci\u00f3n de argumentos.\u0026#xa0;El impacto depende en gran medida de la configuraci\u00f3n del sistema.\u0026#xa0;Si Polkit-1 est\u00e1 deshabilitado y para versiones inferiores a 2.0.6, cualquier usuario local posiblemente puede explotar esto.\u0026#xa0;Si Polkit-1 est\u00e1 habilitado para la versi\u00f3n 2.0.6 y posteriores, un posible atacante debe poder usar la acci\u00f3n \"org.blueman.dhcp.client\".\u0026#xa0;Eso est\u00e1 limitado a los usuarios en el grupo wheel en el archivo de reglas enviado que tienen los privilegios de cualquier manera.\u0026#xa0;En los sistemas con el cliente DHCP de ISC (dhclient), unos atacantes pueden pasar argumentos a \"ip link\" con el nombre de la interfaz que, por ejemplo, puede usarse para desactivar una interfaz o agregar un programa XDP/BPF arbitrario.\u0026#xa0;En sistemas con dhcpcd y sin cliente ISC DHCP,\u0026#xa0;los atacantes pueden incluso ejecutar scripts arbitrarios pasando \"-c/path/to/script\" como nombre de la interfaz.\u0026#xa0;Los parches son incluidos en versi\u00f3n 2.1.4 y el maestro que cambia los m\u00e9todos DhcpClient D-Bus acepta rutas de objetos de red BlueZ en lugar de nombres de interfaz de red.\u0026#xa0;Tambi\u00e9n est\u00e1 disponible un backport hasta versi\u00f3n 2.0(.8).\u0026#xa0;Como soluci\u00f3n alternativa, aseg\u00farese de que Polkit-1-support est\u00e9 habilitado y limite los privilegios para la acci\u00f3n \"org.blueman.dhcp.client\" a usuarios que pueden ejecutar comandos arbitrarios como root de cualquier manera en /usr/share/ polkit-1 /rules.d/blueman.rules"
}
],
"id": "CVE-2020-15238",
"lastModified": "2024-11-21T05:05:09.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-27T19:15:12.237",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blueman-project/blueman/releases/tag/2.1.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-11"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blueman-project/blueman/releases/tag/2.1.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4781"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}