CVE-2015-8612 : The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users

The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.

Published 2016-01-08 19:59:16

Updated 2019-01-17 11:29:00

Source Debian GNU/Linux

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-8612

Probability of exploitation activity in the next 30 days: 0.51%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-8612

blueman set_dhcp_handler D-Bus Privilege Escalation

Disclosure Date: 2015-12-18

First seen: 2020-04-26

exploit/linux/local/blueman_set_dhcp_handler_dbus_priv_esc

This module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The `org.blueman.Mechanism.EnableNetwork` D-Bus interface exposes the `set_dhcp_handler` function which uses user input in a call to

More information

CVSS scores for CVE-2015-8612

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.4	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.5	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-8612

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8612

http://www.openwall.com/lists/oss-security/2015/12/18/6

oss-security - CVE request: Blueman: Privilege escalation in blueman dbus API
https://github.com/blueman-project/blueman/issues/416

Privilege escalation in blueman dbus API · Issue #416 · blueman-project/blueman · GitHub
http://www.openwall.com/lists/oss-security/2015/12/19/1

oss-security - Re: CVE request: Blueman: Privilege escalation in blueman dbus API
http://www.securityfocus.com/bid/79688

Blueman CVE-2015-8612 Remote Privilege Escalation Vulnerability
https://github.com/blueman-project/blueman/releases/tag/2.0.3

Release 2.0.3 · blueman-project/blueman · GitHub
http://www.debian.org/security/2015/dsa-3427

Debian -- Security Information -- DSA-3427-1 blueman
http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html

Slackware Security Advisory - blueman Updates ≈ Packet Storm
https://twitter.com/thegrugq/status/677809527882813440

thaddeus e. grugq on Twitter: "7350greenman [~]> D=org.blueman.Mechanism;gdbus call -y -d $D -o / -m ${D}.EnableNetwork ‘[]’ ‘[]’ “os.chmod(‘/bin/sh’,0x9ed)”;sh -p||sh"
https://www.exploit-db.com/exploits/46186/

blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085

The Slackware Linux Project: Slackware Security Advisories

Products affected by CVE-2015-8612

Blueman Project » Blueman
Versions up to, including, (<=) 2.0
cpe:2.3:a:blueman_project:blueman:*:*:*:*:*:*:*:*
Matching versions