Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Ubuntu: Security Advisory for bluez (USN-4989-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'bluez' package(s) announced via the USN-4989-1 advisory.
Insight
Insight
It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. (CVE-2020-26558) Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153) Ziming Zhang discovered that BlueZ incorrectly handled certain array indexes. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-3588)
Affected Software
Affected Software
'bluez' package(s) on Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
Please install the updated package(s).