Published: 08/01/2016 Updated: 17/01/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman prior to 2.0.3 allows local users to gain privileges via the dhcp_handler argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
blueman project blueman

It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation For the oldstable distribution (wheezy), this problem has been fixed in version 123-1+deb7u1 For the stable distribution (jessie), this problem has been fixed in version 199~alpha1-1+deb8u1 For the unstable distribution (sid ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Exploit::EXE include Msf: ...

CWE-264 http://www.openwall.com/lists/oss-security/2015/12/18/6 https://github.com/blueman-project/blueman/issues/416 https://twitter.com/thegrugq/status/677809527882813440 http://www.openwall.com/lists/oss-security/2015/12/19/1 http://www.debian.org/security/2015/dsa-3427 https://github.com/blueman-project/blueman/releases/tag/2.0.3 http://www.securityfocus.com/bid/79688 http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085 https://www.exploit-db.com/exploits/46186/https://nvd.nist.gov https://www.debian.org/security/./dsa-3427 https://www.exploit-db.com/exploits/46186

CVE-2015-8612

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect