Vigil@nce - Bluetooth Drivers: multiple vulnerabilities
November 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities were announced in several implementations
of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux,
Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012,
Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux
Enterprise Desktop, SLES, Unix (platform) not comprehensive,
WindRiver Linux.
Severity: 2/4.
Creation date: 12/09/2017.
Revisions dates: 13/09/2017, 13/09/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in several implementations
of Bluetooth drivers:
– Android : Information Leak Vulnerability (CVE-2017-0785) -
VIGILANCE-VUL-23741
– Android : Remote Code Execution Vulnerability #1
(CVE-2017-0781) - VIGILANCE-VUL-23741
– Android : Remote Code Execution vulnerability #2
(CVE-2017-0782) - VIGILANCE-VUL-23741
– Android : Man in The Middle attack (CVE-2017-0783) -
VIGILANCE-VUL-23741
– Windows : Man in The Middle attack (CVE-2017-8628) -
VIGILANCE-VUL-23826
– Linux : BlueZ Information leak vulnerability (CVE-2017-1000250)
– VIGILANCE-VUL-23829
– Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) -
VIGILANCE-VUL-23830
– iOS : Remote code execution via Low Energy Audio Protocol
(CVE-2017-14315) - mitigated by iOS 10
This bulletin serves as a cap because all these vulnerabilities
have been grouped under the name "BlueBorne". Individual bulletins
are referenced at the end of each line.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Bluetooth-Drivers-multiple-vulnerabilities-23818