Vigil@nce - Bluetooth Drivers: multiple vulnerabilities
November 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities were announced in several implementations of Bluetooth drivers.
Impacted products: iOS by Apple, iPhone, Android OS, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux Enterprise Desktop, SLES, Unix (platform) not comprehensive, WindRiver Linux.
Creation date: 12/09/2017.
Revisions dates: 13/09/2017, 13/09/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in several implementations
of Bluetooth drivers:
Android : Information Leak Vulnerability (CVE-2017-0785) - VIGILANCE-VUL-23741
Android : Remote Code Execution Vulnerability #1 (CVE-2017-0781) - VIGILANCE-VUL-23741
Android : Remote Code Execution vulnerability #2 (CVE-2017-0782) - VIGILANCE-VUL-23741
Android : Man in The Middle attack (CVE-2017-0783) - VIGILANCE-VUL-23741
Windows : Man in The Middle attack (CVE-2017-8628) - VIGILANCE-VUL-23826
Linux : BlueZ Information leak vulnerability (CVE-2017-1000250)
Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) - VIGILANCE-VUL-23830
iOS : Remote code execution via Low Energy Audio Protocol (CVE-2017-14315) - mitigated by iOS 10
This bulletin serves as a cap because all these vulnerabilities have been grouped under the name "BlueBorne". Individual bulletins are referenced at the end of each line.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN