Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0281)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0281

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0281)

Resumen: The remote host is missing an update for the 'bluez' package(s) announced via the MGASA-2021-0281 advisory.

Descripción: Summary:
The remote host is missing an update for the 'bluez' package(s) announced via the MGASA-2021-0281 advisory.

Vulnerability Insight:
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1
through 5.2 may permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing (in the Passkey authentication procedure) by
reflection of the public key and the authentication evidence of the initiating
device, potentially permitting this attacker to complete authenticated pairing
with the responding device using the correct Passkey for the pairing session.
The attack methodology determines the Passkey value one bit at a time
(CVE-2020-26558).

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds
checks on the 'offset' variable before using it as an index into an array for
reading (CVE-2021-3588).

Affected Software/OS:
'bluez' package(s) on Mageia 7, Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:A/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-26558
Debian Security Information: DSA-4951 (Google Search)
https://www.debian.org/security/2021/dsa-4951
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
https://security.gentoo.org/glsa/202209-16
https://kb.cert.org/vuls/id/799380
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3588
https://github.com/bluez/bluez/issues/70

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0281
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0281)
Resumen:	The remote host is missing an update for the 'bluez' package(s) announced via the MGASA-2021-0281 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bluez' package(s) announced via the MGASA-2021-0281 advisory. Vulnerability Insight: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (CVE-2020-26558). The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading (CVE-2021-3588). Affected Software/OS: 'bluez' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-26558 Debian Security Information: DSA-4951 (Google Search) https://www.debian.org/security/2021/dsa-4951 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/ https://security.gentoo.org/glsa/202209-16 https://kb.cert.org/vuls/id/799380 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3588 https://github.com/bluez/bluez/issues/70
Copyright	Copyright (C) 2022 Greenbone AG