CVSSv2: 7.7

CVE-2017-1000251

Published: 12/09/2017 Updated: 19/01/2023
CVSS v2 Base Score: 7.7 | Impact Score: 10 | Exploitability Score: 5.1
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 777
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

The native Bluetooth stack in the Linux kernel (BlueZ), from Linux kernel version 2.6.32 up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.

Vulnerable Products

linux linux kernel

debian debian linux 8.0

debian debian linux 9.0

nvidia jetson_tk1 r21

nvidia jetson_tk1 r24

nvidia jetson_tx1 r21

nvidia jetson_tx1 r24

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 6.2

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server aus 6.6

redhat enterprise linux server eus 7.2

redhat enterprise linux server tus 6.5

redhat enterprise linux server aus 6.4

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 6.7

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 6.6

redhat enterprise linux server eus 7.7

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

Vendor Advisories

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update ...
Debian Bug report logs - #875881 linux: CVE-2017-1000251. Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Christoph Anton Mitterer <calestyo@scientia.net>; Date: Fri, 15 Sep 2017 14:42:01 UTC; Severity: critical; Tags: confirmed, fixed-upstream, security, ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518: Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advanta ...
Stack buffer overflow in the native Bluetooth stack. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other th ...
Several security issues were fixed in the Linux kernel ...
The system could be made to crash if it received specially crafted bluetooth traffic ...
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacke ...
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures), an unauthenticated attacker able to initiate a connection ...

Exploits

# Exploit Title: BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS (Crash) only
# Date: 09/21/2017
# Exploit Author: Marcin Kozlowski <marcinguy@gmail.com>
# Version: Kernel version v3.3-rc1, and thus affects all versions from there on
# Tested on: Linux 4.4.0-93-generic #116
# CVE : CVE-2017-1000251
# Provided for legal security rese ...

Github Repositories

BlueBorne Exploits & Framework This repository contains a PoC code of various exploits for the BlueBorne vulnerabilities. Under 'android' exploits for the Android RCE vulnerability (CVE-2017-0781), and the SDP Information leak vulnerability (CVE-2017-0785) can be found. Under 'linux-bluez' exploits for the Linux-RCE vulnerability (CVE-2017-10002…

PoC scripts demonstrating the BlueBorne vulnerabilities

Blueborne CVE-2017-1000251 PoC for linux machines

Blueborne: A simple Bluetooth DoS using the BlueBorne exploit (CVE-2017-1000251)

"Projet long" TLS-SEC project to build a "tutorial" challenge for the Toulouse Hacking Convention. Exploitation of the BlueBorne flaw.

THC_BlueBorne: "Projet long" TLS-SEC: building tutorial challenges for the Toulouse Hacking Convention. This tutorial consists of explaining and demonstrating the exploitation of 2 vulnerabilities present in the Bluetooth protocol stack. This project draws very largely on the research work BlueBo

blueborne-CVE-2017-1000251: gitlab.com/marcinguy/blueborne-CVE-2017-1000251

blueborne-CVE-2017-1000251-POC: Just cloned GitLab repo. All credit goes to: marcinguy. For educational and testing purposes only. It is not armed with a payload, only a Proof of Concept, to show it is possible.