CVE-2017-1000251
Published 2017-09-12
High · 8 · CVSS 3.1
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
Affected
57 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.14.7-1 (bookworm) | linux 4.14.7-1 (bookworm) |
| debian | linux | < linux 4.12.13-1 (bookworm) | linux 4.12.13-1 (bookworm) |
| linux | linux_kernel | < 4.15 | 4.15 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.12.13-1 | 4.12.13-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.12.13-1 | 4.12.13-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.12.13-1 | 4.12.13-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.12.13-1 | 4.12.13-1 |
| linux | linux_kernel | >= 0 < 3.13.0-132.181 | 3.13.0-132.181 |
| linux | linux_kernel | >= 0 < 4.4.0-96.119 | 4.4.0-96.119 |
| linux | linux_kernel | >= 2.6.32 < 3.2.94 | 3.2.94 |
| linux | linux_kernel | >= 3.17 < 3.18.71 | 3.18.71 |
| linux | linux_kernel | >= 3.19 < 4.1.45 | 4.1.45 |
| linux | linux_kernel | >= 3.3 < 3.16.49 | 3.16.49 |
| linux | linux_kernel | >= 4.10 < 4.12.13 | 4.12.13 |
| linux | linux_kernel | >= 4.13 < 4.13.2 | 4.13.2 |
| linux | linux_kernel | >= 4.2 < 4.4.88 | 4.4.88 |
| linux | linux_kernel | >= 4.5 < 4.9.50 | 4.9.50 |
| nvidia | jetson_tk1 | — | — |
CVSS provenance
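| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 8.0 | HIGH | — |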
Red Hat
kernel: Stack information leak in the EFS element
vendor_redhat·2017-12-06·CVSS 8.0
CVE-2017-1000410 [HIGH] CWE-200 kernel: Stack information leak in the EFS element
kernel: Stack information leak in the EFS element
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-09-18·CVSS 7.8
CVE-2016-10044 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)
Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system cra
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of ser
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)
I
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2017-09-18·CVSS 7.8
CVE-2016-10044 [HIGH] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2017-09-18
CVE-2017-1000251 Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: The system could be made to crash if it received specially crafted
bluetooth traffic.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash).
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-vi
Red Hat
kernel: stack buffer overflow in the native Bluetooth stack
vendor_redhat·2017-09-12·CVSS 8.0
CVE-2017-1000251 [HIGH] CWE-121 kernel: stack buffer overflow in the native Bluetooth stack
kernel: stack buffer overflow in the native Bluetooth stack
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due t
Debian
CVE-2017-1000410: linux - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies i...
vendor_debian·2017·CVSS 8.0
CVE-2017-1000410 [HIGH] CVE-2017-1000410: linux - The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies i...
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit
Debian
CVE-2017-1000251: linux - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux ke...
vendor_debian·2017·CVSS 8.0
CVE-2017-1000251 [HIGH] CVE-2017-1000251: linux - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux ke...
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
Scope: local
bookworm: resolved (fixed in 4.12.13-1)
bullseye: resolved (fixed in 4.12.13-1)
forky: resolved (fixed in 4.12.13-1)
sid: resolved (fixed in 4.12.13-1)
trixie: resolved (fixed in 4.12.13-1)
GHSA
GHSA-6jqp-hcfj-vjh3: The Linux kernel version 3
ghsa_unreviewed·2022-05-14·CVSS 8.0
CVE-2017-1000410 [HIGH] CWE-200 GHSA-6jqp-hcfj-vjh3: The Linux kernel version 3
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit
GHSA
GHSA-qhfx-x9j9-g24p: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2
ghsa_unreviewed·2022-05-13
CVE-2017-1000251 [HIGH] CWE-787 GHSA-qhfx-x9j9-g24p: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
OSV
CVE-2017-1000410: The Linux kernel version 3
osv·2017-12-07·CVSS 8.0
CVE-2017-1000410 [HIGH] CVE-2017-1000410: The Linux kernel version 3
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit
OSV
linux-lts-xenial vulnerabilities
osv·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] linux-lts-xenial vulnerabilities
linux-lts-xenial vulnerabilities
USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
It was discovered that a buffe
OSV
linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the Flash-Friendly File System (f2fs) implementation
in the Linux kernel did not properly validate superblock metadata. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-10663)
It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system cr
OSV
linux vulnerabilities
osv·2017-09-18·CVSS 7.8
CVE-2017-1000251 [HIGH] linux vulnerabilities
linux vulnerabilities
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that the asynchronous I/O (aio) subsystem of the Linux
kernel did not properly set permissions on aio memory mappings in some
situations. An attacker could use this to more easily exploit other
vulnerabilities. (CVE-2016-10044)
Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3
IP Encapsulation implementation in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2016-10200)
Andreas Gruenbacher an
OSV
linux-hwe vulnerabilities
osv·2017-09-18·CVSS 8.0
CVE-2017-1000251 [HIGH] linux-hwe vulnerabilities
linux-hwe vulnerabilities
USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu
16.04 LTS.
It was discovered that a buffer overflow existed in the Bluetooth stack of
the Linux kernel when handling L2CAP configuration responses. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-1000251)
It was discovered that a buffer overflow existed in the Broadcom FullMAC
WLAN driver in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7541)
OSV
CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2
osv·2017-09-12·CVSS 8.0
CVE-2017-1000251 [HIGH] CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
No detection rules found.
Bugzilla
CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all]
bugzilla·2017-09-12·CVSS 8.0
CVE-2017-1000251 [HIGH] CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all]
CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all]
bugzilla·2017-09-12·CVSS 8.0
CVE-2017-1000251 [HIGH] CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all]
CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack
bugzilla·2017-09-08·CVSS 8.0
CVE-2017-1000251 [HIGH] CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack
CVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack
An attacker within bluetooth transmission range can cause a stack buffer overflow in the Bluetooth system of the Linux kernel while processing pending L2CAP configuration responses from a client. An unauthenticated user able to connect to a system via Bluetooth could use this flaw to potentially execute arbitrary code with root privileges on the system.
External References:
https://www.armis.com/blueborne/
https://access.redhat.com/security/vulnerabilities/blueborne
https://access.redhat.com/solutions/3177231
https://access.redhat.com/blogs/product-security/posts/blueborne
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
arXiv
Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs
arxiv_fulltext·2024-02-05
Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs
Marwa Salayma, Member, IEEE\ of Computing, Imperial College London
London, United Kingdom
This work was supported by PETRAS National Centre of Excellence for IoT Systems Cybersecurity (PETRAS 2), Grant number is EP/S035362/1.
## Abstract
This work presents a threat modelling approach to represent changes to the attack paths through an Internet of Things (IoT) environment when the environment changes dynamically, i.e., when new devices are added or removed from the system or when whole sub-systems join or leave. The proposed approach investigates the propagation of threats using attack graphs. However, traditional attack graph approaches have been applied in static environments tha
arXiv
L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing
arxiv_fulltext·2022-07-30
L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing
Haram Park, Carlos Kayembe Nkuba, Seunghoon Woo, Heejo Lee
Korea University, {freehr94, carlosnkuba, seunghoonwoo, heejo}@korea.ac.kr
## Abstract
Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technology used in billions of devices. Recently, several Bluetooth fuzzing studies have been conducted to detect vulnerabilities in Bluetooth devices, but they fall short of effectively generating malformed packets. In this paper, we propose L2Fuzz, a stateful fuzzer to detect vulnerabilities in Bluetooth BR/EDR Logical Link Control and Adaptation Protocol (L2CAP) layer. By selecting valid commands for each state and mutating only the core fields of packets, L2Fuzz can generate valid malf
Tenable
Protecting Your Bluetooth Devices from BlueBorne
blogs_tenable·2017-09-15·CVSS 6.5
[MEDIUM] Protecting Your Bluetooth Devices from BlueBorne
# Protecting Your Bluetooth Devices from BlueBorne
David Schwalenberg
September 15, 2017
A new attack vector, codenamed BlueBorne, can potentially affect all devices with Bluetooth capabilities – ordinary computers, mobile phones, and IoT devices – literally billions of devices in the world today. Hackers can use this attack vector to leverage Bluetooth connections to completely take over targeted devices.
BlueBorne spreads through the air, allowing it to bypass all security measures and potentially infect even “air-gapped” networks. The attack does not require the attacker’s device and the targeted device to be paired; in fact, the targeted device does not even need to be set on discoverable mode. The BlueBorne attack vector requires no user interaction,
Fortinet
BlueBorne May Affect Billions of Bluetooth Devices
blogs_fortinet·2017-09-14·CVSS 8.8
[HIGH] BlueBorne May Affect Billions of Bluetooth Devices
FORTIGUARD LABS THREAT RESEARCH
BlueBorne May Affect Billions of Bluetooth Devices
By Aamir Lakhani | September 14, 2017
Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic devices to smartphones uses it, as do a growing number of IoT devices. Now, a new Bluetooth exploit, known as BlueBorne, exploits a number of Bluetooth vulnerabilities, making literally billions of devices potentially vulnerable to attack.
BlueBorne is a hybrid Trojan-Worm malware that spreads via Bluetooth. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts. Unfortunately, vulnerable hosts can include any Bluetooth-enabled device, including Android, iOS, Mac OSX, a
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://www.debian.org/security/2017/dsa-3981
http://www.securityfocus.com/bid/100809
http://www.securitytracker.com/id/1039373
https://access.redhat.com/errata/RHSA-2017:2679
https://access.redhat.com/errata/RHSA-2017:2680
https://access.redhat.com/errata/RHSA-2017:2681
https://access.redhat.com/errata/RHSA-2017:2682
https://access.redhat.com/errata/RHSA-2017:2683
https://access.redhat.com/errata/RHSA-2017:2704
https://access.redhat.com/errata/RHSA-2017:2705
https://access.redhat.com/errata/RHSA-2017:2706
https://access.redhat.com/errata/RHSA-2017:2707
https://access.redhat.com/errata/RHSA-2017:2731
https://access.redhat.com/errata/RHSA-2017:2732
https://access.redhat.com/security/vulnerabilities/blueborne
https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe
https://www.armis.com/blueborne
https://www.exploit-db.com/exploits/42762/
https://www.kb.cert.org/vuls/id/240311
https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne