BlueBorne

Differences between revisions 1 and 2
Revision 1 as of 2017-09-12 19:43:39
Size: 2694
Editor: sbeattie
Comment: start knowledgebase article
Revision 2 as of 2017-09-12 20:02:45
Size: 3227
Editor: sbeattie
Comment: Add timeline and info for fixes

Information disclosure in BlueZ and remote code execution in the Linux kernel Bluetooth L2CAP stack (CVE-2017-1000250, CVE-2017-1000251, aka BlueBorne)

Multiple issues, reported together under the name BlueBorne, were discovered in the Linux Bluetooth stack: one in the BlueZ userspace daemon and one in the kernel. The first issue, CVE-2017-1000250, is an information disclosure vulnerability in the Service Discovery Protocol (SDP) implementation of the BlueZ bluetoothd userspace daemon. A physically proximate (within Bluetooth range), unauthenticated attacker, with no pairing required, could use this to expose memory from the bluetoothd process.

The second issue, CVE-2017-1000251, is a stack-based buffer overflow in the l2cap_config_rsp() function of the Linux kernel's Bluetooth L2CAP implementation, reached while handling L2CAP configuration responses from a remote peer. This would normally result in remote code execution in kernel space; however, Ubuntu kernels are built with the CONFIG_CC_STACKPROTECTOR configuration option (stack canaries; renamed CONFIG_STACKPROTECTOR in later kernels) enabled as a mitigation, so the overwritten canary is detected on function return and the kernel panics. The overflow is thereby reduced to a remote denial of service rather than code execution. Note that the stack protector is a mitigation, not a fix: a remote crash is still possible until the kernel fix is installed, and Bluetooth can be disabled in the meantime with rfkill block bluetooth. Whether a running kernel has the option enabled can be checked with grep STACKPROTECTOR /boot/config-$(uname -r).
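The bug class described above, as an added example that is not the kernel's code nor Ubuntu's: a small model of an L2CAP configuration-response option parser in its vulnerable shape (parsed options copied into a fixed-size stack array with no bound on the output) beside its hardened shape (the output capacity is passed in and checked before every append, and an oversized response is rejected). The option types kept, the 64-byte buffer size, the helper names and the sample input are assumptions chosen to illustrate the pattern, not values taken from the kernel source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* L2CAP configuration options are TLVs: type (1 byte), length (1 byte), value. */
#define OPT_HDR_LEN  2u
#define OPT_MTU      0x01
#define OPT_FLUSH_TO 0x02
#define RSP_BUF_SIZE 64   /* assumed size of the caller's fixed stack buffer */

/* Hypothetical helper (not the kernel's): append one option to *out only if
 * it fits before `end`. Returns 0 on success, -1 if it would overflow. */
int add_conf_opt(uint8_t **out, const uint8_t *end,
                 uint8_t type, uint8_t len, const uint8_t *val)
{
    if ((size_t)(end - *out) < (size_t)len + OPT_HDR_LEN)
        return -1;
    (*out)[0] = type;
    (*out)[1] = len;
    memcpy(*out + OPT_HDR_LEN, val, len);
    *out += OPT_HDR_LEN + len;
    return 0;
}

/* BEFORE (the bug class of CVE-2017-1000251): the output buffer carries no
 * size, so a peer sending more options than fit into the caller's 64-byte
 * stack array drives the memcpy past its end. Never call on untrusted input. */
size_t parse_conf_rsp_unchecked(const uint8_t *rsp, size_t len, uint8_t *out)
{
    uint8_t *ptr = out;
    while (len >= OPT_HDR_LEN) {
        uint8_t type = rsp[0], olen = rsp[1];
        if ((size_t)olen + OPT_HDR_LEN > len)
            break;                               /* truncated option */
        if (type == OPT_MTU || type == OPT_FLUSH_TO) {
            ptr[0] = type;
            ptr[1] = olen;
            memcpy(ptr + OPT_HDR_LEN, rsp + OPT_HDR_LEN, olen); /* unbounded */
            ptr += OPT_HDR_LEN + olen;
        }
        rsp += OPT_HDR_LEN + olen;
        len -= OPT_HDR_LEN + olen;
    }
    return (size_t)(ptr - out);
}

/* AFTER: the output capacity is passed in and every append is checked.
 * Returns bytes written, or -1 when the response is malformed or its options
 * would not fit; the caller then rejects the response instead of overflowing. */
long parse_conf_rsp_checked(const uint8_t *rsp, size_t len,
                            uint8_t *out, size_t out_cap)
{
    uint8_t *ptr = out;
    const uint8_t *end = out + out_cap;
    while (len >= OPT_HDR_LEN) {
        uint8_t type = rsp[0], olen = rsp[1];
        if ((size_t)olen + OPT_HDR_LEN > len)
            return -1;                           /* truncated option */
        if (type == OPT_MTU || type == OPT_FLUSH_TO) {
            if (add_conf_opt(&ptr, end, type, olen, rsp + OPT_HDR_LEN) < 0)
                return -1;                       /* would overflow: reject */
        }
        rsp += OPT_HDR_LEN + olen;
        len -= OPT_HDR_LEN + olen;
    }
    return (long)(ptr - out);
}

/* Constructed sample input: `count` MTU options, 4 bytes each (value 0x02A0). */
size_t build_mtu_options(uint8_t *buf, size_t cap, size_t count)
{
    size_t n = 0;
    for (size_t i = 0; i < count && n + 4 <= cap; i++) {
        buf[n++] = OPT_MTU; buf[n++] = 2; buf[n++] = 0xA0; buf[n++] = 0x02;
    }
    return n;
}

/* Bytes the unchecked parser emits for `count` MTU options, measured into a
 * deliberately oversized scratch buffer: anything above RSP_BUF_SIZE is what
 * the vulnerable code would have written past its 64-byte stack array. */
long unchecked_bytes_for_mtu_options(size_t count)
{
    uint8_t in[512], scratch[512];
    size_t in_len = build_mtu_options(in, sizeof in, count);
    return (long)parse_conf_rsp_unchecked(in, in_len, scratch);
}

/* The same input through the checked parser into a RSP_BUF_SIZE buffer. */
long checked_bytes_for_mtu_options(size_t count)
{
    uint8_t in[512], out[RSP_BUF_SIZE];
    size_t in_len = build_mtu_options(in, sizeof in, count);
    return parse_conf_rsp_checked(in, in_len, out, sizeof out);
}

int main(void)
{
    printf("16 options: unchecked %ld bytes, checked %ld\n",
           unchecked_bytes_for_mtu_options(16), checked_bytes_for_mtu_options(16));
    printf("20 options: unchecked %ld bytes, checked %ld\n",
           unchecked_bytes_for_mtu_options(20), checked_bytes_for_mtu_options(20));
    return 0;
}
```

With 20 options the unchecked parser produces 80 bytes for a 64-byte destination; in the real kernel that is the write past the stack array. Built with a stack protector, that function would trip the canary check on return and panic (the denial of service the page describes); without one, the overwritten return address is what an attacker turns into code execution. The checked form rejects the response as soon as an option would not fit, which is the shape a fix for this class of bug takes.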

As of 2017-09-12 19:00 UTC, CVE-2017-1000250 has not been addressed by BlueZ upstream. Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.04 were affected. To address the issue, ensure that bluez 4.101-0ubuntu13.3 (Ubuntu 14.04 LTS; https://launchpad.net/ubuntu/+source/bluez/4.101-0ubuntu13.3), bluez 5.37-0ubuntu5.1 (Ubuntu 16.04 LTS; https://launchpad.net/ubuntu/+source/bluez/5.37-0ubuntu5.1), or bluez 5.43-0ubuntu1.1 (Ubuntu 17.04; https://launchpad.net/ubuntu/+source/bluez/5.43-0ubuntu1.1) is installed. The installed version can be checked with dpkg -l bluez or apt-cache policy bluez. These updates were announced in USN 3413-1 (http://www.ubuntu.com/usn/usn-3413-1). Note that USN 3413-1 covers the BlueZ package only; the kernel issue, CVE-2017-1000251, requires a separate kernel update.

Timeline

  • 2017 Sept 05: received initial notification from Armis Labs
  • 2017 Sept 12: BlueBorne advisory is made public (https://www.armis.com/blueborne/)
  • 2017 Sept 12: Linux kernel commit is made publicly available
  • 2017 Sept 12: Ubuntu BlueZ updates are made available in USN 3413-1 (http://www.ubuntu.com/usn/usn-3413-1)


SecurityTeam/KnowledgeBase/BlueBorne (last edited 2017-09-20 12:50:53 by sbeattie)