BlueBorne PoC test

Just ran a quick BlueBorne (https://github.com/ojasookert/CVE-2017-0785) PoC test against an Asus Nexus 7 II (Android 6.0.1) tablet.

The stack gets dumped

According to the info provided by https://www.armis.com/blueborne/:

iOS
All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability (CVE-2017-14315). This vulnerability was already mitigated by Apple in iOS 10, so no new patch is needed to mitigate it. We recommend you upgrade to the latest iOS or tvOS available.

iOS 6.1.6 (iPod Touch 4) seems not vulnerable …

panasonic user # python CVE-2017-0785.py TARGET=78:6C:2C:33:A9:B1
[├] Exploit: Sending packet 0
[ERROR] Invalid continuation state received.
Traceback (most recent call last):
  File "CVE-2017-0785.py", line 38, in <module>
    log.error('Invalid continuation state received.')
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/log.py", line 417, in error
    raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: Invalid continuation state received

 


3 Responses to BlueBorne PoC test

  1. p209979 says:

    It’s not an iOS vulnerability in the first place. It’s an information leak vulnerability on Android, in the way it handles SDP.
