Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2021-3DEDD41A06.NASLHistoryMar 17, 2021 - 12:00 a.m.
Fedora 33 : switchboard-plug-bluetooth (2021-3dedd41a06)
2021-03-1700:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-3dedd41a06 advisory.
- Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn’t expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it’s possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc…) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g.
bluetoothctlCLI).
(CVE-2021-21367)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2021-3dedd41a06
#
include('compat.inc');
if (description)
{
script_id(147859);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/12");
script_cve_id("CVE-2021-21367");
script_xref(name:"FEDORA", value:"2021-3dedd41a06");
script_name(english:"Fedora 33 : switchboard-plug-bluetooth (2021-3dedd41a06)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2021-3dedd41a06 advisory.
- Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an
incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode),
Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate
attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the
active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that allow
information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list
sharing software) have been installed, it's possible that attackers have been able to extract data from
such services without authorization. If no such services have been installed, attackers are only able to
pair with a device running an affected version without authorization and then play audio out of the device
or possibly present a HID device (keyboard, mouse, etc...) to control the device. As such, users should
check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is
fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open
the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public
areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within
switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI).
(CVE-2021-21367)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2021-3dedd41a06");
script_set_attribute(attribute:"solution", value:
"Update the affected switchboard-plug-bluetooth package.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21367");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:33");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:switchboard-plug-bluetooth");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^33([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
pkgs = [
{'reference':'switchboard-plug-bluetooth-2.3.5-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'switchboard-plug-bluetooth');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 33 | cpe:/o:fedoraproject:fedora:33 |
| fedoraproject | fedora | switchboard-plug-bluetooth | p-cpe:/a:fedoraproject:fedora:switchboard-plug-bluetooth |
Related
openvas
openvas
cve
cve
CVE-2021-21367
2021-03-12 17:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: switchboard-plug-bluetooth-2.3.5-1.fc34
2021-03-19 20:31:27
[SECURITY] Fedora 33 Update: switchboard-plug-bluetooth-2.3.5-1.fc33
2021-03-17 02:18:53
[SECURITY] Fedora 32 Update: switchboard-plug-bluetooth-2.3.5-1.fc32
2021-03-18 04:12:41
prion
prion
Authorization
2021-03-12 17:15:00
nessus
nessus
Fedora 32 : switchboard-plug-bluetooth (2021-7d55c00267)
2021-03-18 00:00:00
osv
osv
CVE-2021-21367
2021-03-12 17:15:12
Related for FEDORA_2021-3DEDD41A06.NASL