bluez-5.72-2.el9
エラータID: AXSA:2024-9114:01
リリース日:
2024/12/11 Wednesday - 18:58
題名:
bluez-5.72-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- BlueZ Audio Profile AVRCP 機能には、メモリ領域の境界外
書き込みの問題があるため、Bluetooth 通信が可能な範囲にいる
攻撃者により、細工された Bluetooth デバイスの接続を介して、
特権昇格、および任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-27349)
- BlueZ Audio Profile AVRCP 機能には、スタックオーバー
フローの問題があるため、Bluetooth 通信が可能な範囲にいる
攻撃者により、細工された Bluetooth デバイスの接続を介して、
特権昇格、および任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-44431)
- BlueZ の Bluetooth HID ホスト機能には、ペアリングによって
認証されていないキーボードなどのペリフェラルロールの HID
デバイスによる暗号化された接続の確立と HID キーボードレポート
の受信を許容してしまう問題があるため、Bluetooth 接続が可能な
攻撃者により、細工された Bluetooth キーボードなどのデバイス
との接続を介して、任意のコマンドの実行を可能とする脆弱性が
存在します。(CVE-2023-45866)
- BlueZ の電話帳アクセスプロファイルには、データサイズの
チェック処理の欠落に起因したヒープ領域のバッファーオーバー
フローの問題があるため、Bluetooth 通信が可能な範囲にいる
攻撃者により、細工された Bluetooth デバイスとの接続を介して、
任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2023-50229)
- BlueZ の電話帳アクセスプロファイルには、データサイズの
チェック処理の欠落に起因したヒープ領域のバッファーオーバー
フローの問題があるため、Bluetooth 通信の可能な範囲にいる
攻撃者により、細工された Bluetooth デバイスとの接続を介して、
任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2023-50230)
- BlueZ Audio Profile AVRCP 機能には、メモリ領域の境界外
読み取りの問題があるため、Bluetooth 通信が可能な範囲にいる
攻撃者により、特権昇格、および任意のコードの実行を可能と
する脆弱性が存在します。(CVE-2023-51580)
- BlueZ のオーディオプロファイル (AVRCP) の
parse_media_element() 関数には、入力されたデータのチェック
処理の欠落に起因したメモリ領域の範囲外読み取りの問題がある
ため、Bluetooth 通信が可能な範囲にいる攻撃者により、細工
された Bluetooth デバイスとの接続を介して、情報の漏洩、
および特権での任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-51589)
- BlueZ オーディオプロファイル (AVRCP) の
parse_media_folder() 関数には、入力されたデータのチェック
処理の欠落に起因したメモリ領域の範囲外読み取りの問題がある
ため、Bluetooth 通信が可能な範囲にいる攻撃者により、細工
された Bluetooth デバイスとの接続を介して、情報の漏洩、
および特権での任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-51592)
- BlueZ OBEX ライブラリには、メモリ領域の範囲外読み取り
の問題があるため、Bluetooth 通信が可能な範囲にいる攻撃者
により、細工された Bluetooth デバイスとの接続を介して、
特権昇格、および任意のコードの実行を可能とする脆弱性が
存在します。(CVE-2023-51594)
- BlueZ の電話帳アクセスプロファイルの処理には、データ
サイズのチェック処理の欠落に起因したヒープ領域のバッファー
オーバーフローの問題があるため、Bluetooth 通信の可能な
範囲にいる攻撃者により、細工された Bluetooth デバイスとの
通信を介して、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-51596)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-27349
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.
CVE-2023-44431
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.
BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
CVE-2023-50229
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.
CVE-2023-50230
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.
CVE-2023-51580
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.
BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.
CVE-2023-51589
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.
CVE-2023-51592
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.
BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.
CVE-2023-51594
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.
CVE-2023-51596
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.
追加情報:
N/A
ダウンロード:
SRPMS
- bluez-5.72-2.el9.src.rpm
MD5: 543d66c396102765e50892ce05918665
SHA-256: 0d3fb06d5afd2bb9a3650fdf748ab0835f2d1a4f1733c7f1b36a8497918610ff
Size: 2.30 MB
Asianux Server 9 for x86_64
- bluez-5.72-2.el9.x86_64.rpm
MD5: 21a5e92019c443692de132477b447ccb
SHA-256: 2109a4b5a1b2fbab9257a16dd53383531703be35895b008c874f54e02f876a52
Size: 1.15 MB - bluez-cups-5.72-2.el9.x86_64.rpm
MD5: 50b419445694180ca27898177c98ed98
SHA-256: 38a6b61b57a583517eb270c77ae058f554271a688d90f88e14a55456b0eb4f56
Size: 26.50 kB - bluez-libs-5.72-2.el9.i686.rpm
MD5: 852213a08ff8f10b4eecb1b6a88f5449
SHA-256: 9fdf2b3ff46c51b43373814c66609b0638097d1debd959f7fd9d1437dd9f367f
Size: 85.11 kB - bluez-libs-5.72-2.el9.x86_64.rpm
MD5: 746f542695b682e4e73c4e1c520d8fbf
SHA-256: c6569b2f098edab47c529b24a991c4de1249108fad46e42ba2a42d5a175f6805
Size: 81.45 kB - bluez-libs-devel-5.72-2.el9.i686.rpm
MD5: 5185bcc19b6e96932c09eff209f8ff45
SHA-256: 191ffdce563504e083f96d0d07b4b8056ce9735413c62467f7748e5528ff1e02
Size: 253.13 kB - bluez-libs-devel-5.72-2.el9.x86_64.rpm
MD5: 2121052d60de0fab46e0af2d6d6114bf
SHA-256: 6b8611dbb74c308decc41ec06373d83baabaaf0bbfbe9cd4e3006bc77de3cced
Size: 246.30 kB - bluez-obexd-5.72-2.el9.x86_64.rpm
MD5: c5c92cdc04b6a91d6e8efd50442ff6d4
SHA-256: a03b14c5a054a4df44ada2ea9b6b74dc083a2b6a2957521639f3801265ad011e
Size: 230.26 kB
English