module

blueman set_dhcp_handler D-Bus Privilege Escalation

Disclosed
Dec 18, 2015

Description

This module attempts to gain root privileges by exploiting a Python
code injection vulnerability in blueman versions prior to 2.0.3.

The `org.blueman.Mechanism.EnableNetwork` D-Bus interface exposes the
`set_dhcp_handler` function which uses user input in a call to `eval`,
without sanitization, resulting in arbitrary code execution as root.

This module has been tested successfully with blueman version 1.23
on Debian 8 Jessie (x64).
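
The `eval` pattern described above, next to an allowlist-based replacement, as an added example that is not blueman's source or part of the original module page. All class and function names are hypothetical stand-ins, and the "injected" input is a harmless constructed expression that only records that it ran.

```python
# Illustrative sketch: names below are hypothetical, not taken from blueman.

class DnsMasqHandler:
    """Stand-in DHCP handler class (constructed for this example)."""

class DhcpdHandler:
    """Stand-in DHCP handler class (constructed for this example)."""

# Records side effects so the demo can show that evaluated input really executed.
SIDE_EFFECTS = []

def set_dhcp_handler_vulnerable(name):
    # The caller-supplied string is evaluated as a Python expression.
    # Inside a root-owned D-Bus service, whatever it contains runs as root.
    return eval(name)

# Hardened form: the string is only ever used as a dictionary key.
ALLOWED_HANDLERS = {
    "DnsMasqHandler": DnsMasqHandler,
    "DhcpdHandler": DhcpdHandler,
}

def set_dhcp_handler_hardened(name):
    if not isinstance(name, str):
        raise TypeError("handler name must be a string")
    try:
        return ALLOWED_HANDLERS[name]
    except KeyError:
        raise ValueError(f"unknown DHCP handler: {name!r}") from None

def demo():
    SIDE_EFFECTS.clear()
    expected = "DnsMasqHandler"
    # Constructed input: a benign expression standing in for untrusted code.
    injected = "SIDE_EFFECTS.append('ran') or DnsMasqHandler"
    results = {
        "vuln_expected": set_dhcp_handler_vulnerable(expected),
        "vuln_injected": set_dhcp_handler_vulnerable(injected),
        "side_effects": list(SIDE_EFFECTS),
        "hard_expected": set_dhcp_handler_hardened(expected),
    }
    try:
        set_dhcp_handler_hardened(injected)
        results["hard_injected"] = "accepted"
    except ValueError:
        results["hard_injected"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

The vulnerable variant returns the expected class for both inputs, so the injected expression is invisible to a caller that only checks the return value; the side-effect list is what reveals that it executed.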