{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T23:30:20.126","vulnerabilities":[{"cve":{"id":"CVE-2020-15238","sourceIdentifier":"security-advisories@github.com","published":"2020-10-27T19:15:12.237","lastModified":"2024-11-21T05:05:09.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules."},{"lang":"es","value":"Blueman es un GTK+ Bluetooth Manager. En Blueman versiones anteriores a 2.1.4, el método DhcpClient de la interfaz D-Bus en el mecanismo blueman es propenso a una vulnerabilidad de inyección de argumentos. El impacto depende en gran medida de la configuración del sistema. Si Polkit-1 está deshabilitado y para versiones inferiores a 2.0.6, cualquier usuario local posiblemente puede explotar esto. Si Polkit-1 está habilitado para la versión 2.0.6 y posteriores, un posible atacante debe poder usar la acción \"org.blueman.dhcp.client\". Eso está limitado a los usuarios en el grupo wheel en el archivo de reglas enviado que tienen los privilegios de cualquier manera. En los sistemas con el cliente DHCP de ISC (dhclient), unos atacantes pueden pasar argumentos a \"ip link\" con el nombre de la interfaz que, por ejemplo, puede usarse para desactivar una interfaz o agregar un programa XDP/BPF arbitrario. En sistemas con dhcpcd y sin cliente ISC DHCP, los atacantes pueden incluso ejecutar scripts arbitrarios pasando \"-c/path/to/script\" como nombre de la interfaz. Los parches son incluidos en versión 2.1.4 y el maestro que cambia los métodos DhcpClient D-Bus acepta rutas de objetos de red BlueZ en lugar de nombres de interfaz de red. También está disponible un backport hasta versión 2.0(.8). Como solución alternativa, asegúrese de que Polkit-1-support esté habilitado y limite los privilegios para la acción \"org.blueman.dhcp.client\" a usuarios que pueden ejecutar comandos arbitrarios como root de cualquier manera en /usr/share/ polkit-1 /rules.d/blueman.rules"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blueman_project:blueman:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.4","matchCriteriaId":"8C9B46B2-63AD-4EB8-B031-585524C1E7F3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","matchCriteriaId":"36D96259-24BD-44E2-96D9-78CE1D41F956"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/blueman-project/blueman/releases/tag/2.1.4","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/","source":"security-advisories@github.com"},{"url":"https://security.gentoo.org/glsa/202011-11","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4781","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/blueman-project/blueman/releases/tag/2.1.4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3F4EQU6CAPBKAPJ42HTB473NJLXFKB32/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFLMNHAHX5HPIKC5IG6F25HO5Z6RH2N/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W52NP7HRFTNAVNZLGKY4GR3JIZG5KKGS/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202011-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}