Debian DSA-4951-1 : bluez - security update

high Nessus Plugin ID 152271

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4951 advisory.

- Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. (CVE-2020-26558)

- In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)

- Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the bluez packages.

For the stable distribution (buster), these problems have been fixed in version 5.50-1.2~deb10u2.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614

https://security-tracker.debian.org/tracker/source-package/bluez

https://www.debian.org/security/2021/dsa-4951

https://security-tracker.debian.org/tracker/CVE-2020-26558

https://security-tracker.debian.org/tracker/CVE-2020-27153

https://security-tracker.debian.org/tracker/CVE-2021-0129

https://packages.debian.org/source/buster/bluez

Plugin Details

Severity: High

ID: 152271

File Name: debian_DSA-4951.nasl

Version: 1.2

Type: local

Agent: unix

Published: 8/8/2021

Updated: 8/8/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

CVSS Score Source: CVE-2020-27153

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:bluetooth, p-cpe:/a:debian:debian_linux:bluez, p-cpe:/a:debian:debian_linux:bluez-cups, p-cpe:/a:debian:debian_linux:bluez-hcidump, p-cpe:/a:debian:debian_linux:bluez-obexd, p-cpe:/a:debian:debian_linux:bluez-test-scripts, p-cpe:/a:debian:debian_linux:bluez-test-tools, p-cpe:/a:debian:debian_linux:libbluetooth-dev, p-cpe:/a:debian:debian_linux:libbluetooth3, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 8/7/2021

Vulnerability Publication Date: 10/15/2020

Reference Information

CVE: CVE-2020-26558, CVE-2020-27153, CVE-2021-0129