Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2021-0281
HistoryJun 23, 2021 - 8:11 p.m.

Updated bluez packages fix security vulnerability

2021-06-2320:11:28
Gentoo Foundation
advisories.mageia.org
40
bluetooth
bluez
security
vulnerability
man-in-the-middle
authentication
cve-2020-26558
cve-2021-3588
bounds checks

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

29.8%

JSON

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (CVE-2020-26558). The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the ‘offset’ variable before using it as an index into an array for reading (CVE-2021-3588).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchbluez< 5.54-1.2bluez-5.54-1.2.mga7
Mageia8noarchbluez< 5.55-3.1bluez-5.55-3.1.mga8

Related

openvas 36
ubuntu 8
nessus 47
osv 20
gentoo 1
redhatcve 2
nvd 2
cvelist 2
cve 2
veracode 1
cbl_mariner 2
prion 2
suse 5
oraclelinux 1
ubuntucve 2
debiancve 2
redhat 1
alpinelinux 1
intel 2
debian 5
hp 1
fedora 1
cloudfoundry 2
lenovo 1
thn 1
cert 1
amazon 2
photon 3
slackware 1
ics 1
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0281)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4989-1)
2021-06-17 00:00:00
openSUSE: Security Advisory for bluez (openSUSE-SU-2021:2459-1)
2021-07-23 00:00:00
ubuntu
ubuntu
BlueZ vulnerabilities
2021-06-16 00:00:00
BlueZ vulnerabilities
2021-06-16 00:00:00
Linux kernel vulnerabilities
2021-07-20 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : BlueZ vulnerabilities (USN-4989-1)
2021-06-16 00:00:00
GLSA-202209-16 : BlueZ: Multiple Vulnerabilities
2022-09-29 00:00:00
RHEL 8 : bluez (RHSA-2021:4432)
2021-11-11 00:00:00
osv
osv
bluez vulnerabilities
2021-06-16 12:18:32
CVE-2020-26558
2021-05-24 18:15:07
Bluetooth security notice: (VU#799380.8 TLP:AMBER)
2021-06-01 00:00:00
gentoo
gentoo
BlueZ: Multiple Vulnerabilities
2022-09-29 00:00:00
redhatcve
redhatcve
CVE-2021-3588
2021-06-10 18:47:00
CVE-2020-26558
2021-05-26 13:13:35
nvd
nvd
CVE-2021-3588
2021-06-10 03:15:07
CVE-2020-26558
2021-05-24 18:15:07
cvelist
cvelist
CVE-2021-3588 memory contents disclosure in cli_feat_read_cb
2021-06-10 02:30:11
CVE-2020-26558
2021-05-24 17:22:16
cve
cve
CVE-2020-26558
2021-05-24 18:15:07
CVE-2021-3588
2021-06-10 03:15:07
veracode
veracode
Man-in-the-middle (MITM)
2021-06-16 13:50:27
cbl_mariner
cbl_mariner
CVE-2020-26558 affecting package kernel 5.10.111.1-1
2022-05-26 19:04:50
CVE-2021-3588 affecting package bluez for versions less than 5.63-1
2022-04-27 01:51:52
prion
prion
Out-of-bounds
2021-06-10 03:15:00
Authentication flaw
2021-05-24 18:15:00
suse
suse
Security update for bluez (moderate)
2021-07-22 00:00:00
Security update for bluez (moderate)
2021-07-12 00:00:00
Security update for the Linux Kernel (important)
2021-06-30 00:00:00
oraclelinux
oraclelinux
bluez security update
2021-11-24 00:00:00
ubuntucve
ubuntucve
CVE-2020-26558
2021-06-08 00:00:00
CVE-2021-3588
2021-06-10 00:00:00
debiancve
debiancve
CVE-2020-26558
2021-05-24 18:15:07
CVE-2021-3588
2021-06-10 03:15:07
redhat
redhat
(RHSA-2021:4432) Moderate: bluez security update
2021-11-09 09:21:28
alpinelinux
alpinelinux
CVE-2021-3588
2021-06-10 03:15:00
intel
intel
Intel® Wireless Bluetooth® and Killer™ Bluetooth® Advisory
2021-06-08 00:00:00
BlueZ Advisory
2021-06-08 00:00:00
debian
debian
[SECURITY] [DLA 2692-1] bluez security update
2021-06-26 23:26:46
[SECURITY] [DSA 4951-1] bluez security update
2021-08-07 18:51:55
[SECURITY] [DSA 4951-1] bluez security update
2021-08-07 18:51:55
hp
hp
Intel® Wireless Bluetooth® and Killer™ Bluetooth® June 2021 Security Update
2021-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-5.12.7-300.fc34
2021-05-28 01:01:35
cloudfoundry
cloudfoundry
USN-5017-1: Linux kernel vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
USN-5343-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
lenovo
lenovo
Multiple Bluetooth Core Specification Vulnerabilities - Lenovo Support NL
2021-06-08 01:15:10
thn
thn
New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices
2021-05-25 05:17:00
cert
cert
Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure
2021-05-24 00:00:00
amazon
amazon
Important: kernel
2021-07-14 20:35:00
Important: kernel
2021-07-14 20:35:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0278
2021-08-01 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0278
2021-08-01 00:00:00
Critical Photon OS Security Update - PHSA-2021-0409
2021-07-01 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2021-07-21 05:44:30
ics
ics
Siemens SIMATIC
2024-03-14 12:00:00

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

29.8%

JSON
Related for MGASA-2021-0281
openvas36ubuntu8nessus47osv20gentoo1redhatcve2nvd2cvelist2cve2veracode1cbl_mariner2prion2suse5oraclelinux1ubuntucve2debiancve2redhat1alpinelinux1intel2debian5hp1fedora1cloudfoundry2lenovo1thn1cert1amazon2photon3slackware1ics1