The security company Armis has revealed eight separate Bluetooth wireless protocol flaws known collectively as BlueBorne. This nasty new set of vulnerabilities has the potential to wreak havoc on iPhones, Android devices, Windows PCs, and, oh yes, Linux desktops and servers as well.
While BlueBorne requires a Bluetooth connection to spread, once the security holes are exploited, a single infected device could infect numerous devices and computers in seconds. Attacks made with BlueBorne are silent, avoid activating most security measures, and require nothing from new victims except that their devices have Bluetooth on.
On Linux servers and desktops, BlueBorne can attack via the Linux kernel’s implementation of the Bluetooth Host L2CAP protocol. Specifically, it impacts Linux using L2CAP version 3.3 and above. The vulnerability has been assigned CVE-2017-1000251. Red Hat rates this vulnerability as important.
The Logical Link Control and Adaptation Layer Protocol (L2CAP) works at the Bluetooth stack’s data link layer. It provides services such as connection multiplexing, segmentation, and reassembly of packets for upper-layer protocols such as Bluetooth.
Submitted by: Arnfried Walbrecht