The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Bluetooth Drivers: multiple vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted software: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity of this computer vulnerability: 2/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/09/2017.
Revisions dates: 13/09/2017, 13/09/2017.
Références of this announce: BlueBorne, CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-1000250, CVE-2017-1000251, CVE-2017-8628, SUSE-SU-2019:0510-1, VIGILANCE-VUL-23818, VU#240311.

Description of the vulnerability 

Several vulnerabilities were announced in several implementations of Bluetooth drivers:
 - Android : Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
 - Android : Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
 - Android : Remote Code Execution vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
 - Android : Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
 - Windows : Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
 - Linux : BlueZ Information leak vulnerability (CVE-2017-1000250) - VIGILANCE-VUL-23829
 - Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
 - iOS : Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10

This bulletin serves as a cap because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness impacts software or systems such as iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this vulnerability note is medium.

The trust level is of type confirmed by the editor, with an origin of radio connection.

This bulletin is about 7 vulnerabilities.

An attacker with a expert ability can exploit this cybersecurity threat.

Solutions for this threat 

Bluetooth Drivers: workaround.
A workaround is to disable Bluetooth.

SUSE LE 12 RTM/SP1: new bluez packages.
New packages are available:
  SUSE LE 12 RTM: bluez 5.13-3.10.1
  SUSE LE 12 SP1: bluez 5.13-3.10.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a networks vulnerabilities note. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.