The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Bluetooth Drivers: multiple vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Unix (platform) ~ not comprehensive.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: radio connection.
Confidence: confirmed by the editor (5/5).
Creation date: 12/09/2017.
Revision dates: 13/09/2017, 13/09/2017.
Identifiers: BlueBorne, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, VIGILANCE-VUL-23818, VU#240311.
Description of the vulnerability
Several vulnerabilities were announced in several implementations of Bluetooth drivers:
- Android: Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
- Android: Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
- Android: Remote Code Execution Vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
- Android: Man in the Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
- Windows: Man in the Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
- Linux: BlueZ Information Leak Vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
- Linux: Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
- iOS: Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10
This bulletin serves as an umbrella entry because all these vulnerabilities have been grouped under the name "BlueBorne". The individual bulletin for each vulnerability is referenced at the end of its line.
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerability watch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities.