SailfishOS and Blueborne bluetooth attack
Is SailfishOS currently affected by the Blueborne attack on bluetooth? Linux is explicitly vulnerable. But it also states that ASLR provides a degree of protection.
ASLR seems to be in place on my J1 on 2.1.1.26:
[nemo@Sailfish ~]$ cat /proc/sys/kernel/randomize_va_space
2
This is good, it means ASLR is enabled ("Full address space randomization. Contains the feature of value 1 in addition brk area is randomized.")
[nemo@Sailfish ~]$ file /usr/sbin/bluetoothd
/usr/sbin/bluetoothd: ELF 32-bit LSB shared object, ARM, EABI5 version 1…
This is also good: "shared object" instead of "executable"; the latter would indicate it has position-dependent code, and therefore no ASLR.
Does this indeed indicate sufficient protection for now?
More details here: https://www.armis.com/blueborne/ (via https://blog.fefe.de/?ts=a746ec57)
cy8aer ( 2017-09-13 00:01:07 +0200 )
CVE-2017-1000250 and CVE-2017-1000251: https://access.redhat.com/security/vulnerabilities/blueborne
lpr ( 2017-09-13 13:31:39 +0200 )
android-security-bulletin: Sep-2017 CVE-2017-0783 A-63145701
phoronix-article: link
proof of concept of ASLR workaround: link (dealing with stagefright and android4.4 on armv7 but I don't think we're safe from an adapted attack in general)
glad to see that Jolla tracks it :-)
cemoi71 ( 2017-09-15 12:37:28 +0200 )
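The two checks from the question (the kernel's randomize_va_space value, and whether bluetoothd is built as a position-independent ELF), combined into one shell script. This is an added example, not part of the original thread. It reads the e_type field from the ELF header with od instead of relying on file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: repeat the post's two ASLR checks without needing `file`.

# Print the decimal value of the single byte at offset $2 in file $1.
byte_at() {
    od -An -tu1 -j"$2" -N1 "$1" 2>/dev/null | tr -d ' \n'
}

# Print the ELF e_type of file $1: ET_EXEC, ET_DYN, other:<n> or not-elf.
# ET_DYN is what `file` reports as "shared object" (PIE or library).
elf_type() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo not-elf; return 1; }
    data=$(byte_at "$f" 5)      # EI_DATA: 1 = little endian, 2 = big endian
    b0=$(byte_at "$f" 16)       # e_type is the 16-bit field at offset 16
    b1=$(byte_at "$f" 17)
    if [ "$data" = "2" ]; then
        t=$(( ${b0:-0} * 256 + ${b1:-0} ))
    else
        t=$(( ${b1:-0} * 256 + ${b0:-0} ))
    fi
    case $t in
        2) echo ET_EXEC ;;
        3) echo ET_DYN ;;
        *) echo "other:$t" ;;
    esac
}

# aslr_status BINARY [SYSCTL_FILE]
# Prints both findings; returns 0 only if randomize_va_space is 2
# and the binary is ET_DYN, i.e. its own image can be randomized.
aslr_status() {
    bin=$1
    sysctl_file=${2:-/proc/sys/kernel/randomize_va_space}
    level=$(cat "$sysctl_file" 2>/dev/null) || level=unknown
    etype=$(elf_type "$bin") || :
    echo "randomize_va_space=$level e_type=$etype"
    [ "$level" = "2" ] && [ "$etype" = "ET_DYN" ]
}

# Usage on the device (path taken from the post):
#   aslr_status /usr/sbin/bluetoothd
```

A zero exit status only says the mitigation is active for that binary. It does not say whether the Bluetooth stack itself is patched against the CVEs listed in the comments.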