Blueman < 2.1.4 local privilege escalation Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-10-28 |
Type : local |
Platform : linux
This exploit / vulnerability Blueman < 2.1.4 local privilege escalation is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Local Privilege Escalation in Blueman < 2.1.4
# Date: 2020-10-27
# Exploit Author: Vaisha Bernard (vbernard - at - eyecontrol.nl)
# Vendor Homepage: https://github.com/blueman-project/blueman
# Software Link: https://github.com/blueman-project/blueman
# Version: < 2.1.4
# Tested on: Ubuntu 20.04
# CVE: CVE-2020-15238
#
# By default installed on Ubuntu 16.04 - 20.10 and
# Debian 9 - 11
#
# Local root exploit when dhcpcd is used instead of dhclient
#
# Reference: https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html
#
#
# The DhcpClient method of the d-bus interface to blueman-mechanism
# is prone to an argument injection vulnerability.
# On systems where the isc-dhcp-client package is removed
# and the dhcpcd package installed, this leads to Local
# Privilege Escalation to root from any unprivileged user.
# See attached python script for a working exploit. Or use
# this oneliner with a shellscript "/tmp/eye":
# This happens because the argument is not sanitized before
# being used as an argument to dhcpcd.
#
# Also on default installations with isc-dhcp-client installed,
# this can lead to DoS attacks by bringing any interface down
# as follows: