Lucene search

Gentoo FoundationMGASA-2020-0402

HistoryNov 08, 2020 - 5:14 p.m.

Updated blueman packages fixes a security vulnerability

2020-11-0817:14:27

Gentoo Foundation

advisories.mageia.org

blueman

package

vulnerability

input sanitization

escalation

privileges

arbitrary code

denial of service

cve-2020-15238

unix

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L

EPSS

0.001

Percentile

24.1%

JSON

Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service (CVE-2020-15238).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchblueman< 2.1.4-1blueman-2.1.4-1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	blueman	< 2.1.4-1	blueman-2.1.4-1.mga7

References

bugs.mageia.org/show_bug.cgi?id=27485

ubuntu.com/security/notices/USN-4605-1

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L

EPSS

0.001

Percentile

24.1%

JSON

Related for MGASA-2020-0402