Hello all o/

This is intentional. And easy to reverse.

The patch for CVE-2023-45866 works as intended and is not a regression.

If ClassicBondedOnly is not enforced, a nearby attacker can create a HID
(like a keyboard and mouse) on the victims PC when bluetooth is
discoverable. An HID can be used as a keyloggers or, of course, give
direct control of the session. The CVE reporter has discussed this
further on https://github.com/skysafe/reblog/tree/main/cve-2023-45866
And a talk and PoC release is forthcoming.

Fortunately, it is easy to enable legacy devices by setting 
`ClassicBondedOnly=false` in `/etc/bluetooth/input.conf`, and then running 
`systemctl restart bluetooth`. I ver
ified that a PS3 controller works well after this :)

All other distros *should* be fixing this CVE. I would love it if bloggers in 
the Linux gaming sphere could raise awareness about this CVE and share how to 
enable legacy bluetooth device support.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45866

** Changed in: bluez (Ubuntu)
       Status: Confirmed => Won't Fix

** Changed in: bluez (Ubuntu)
     Assignee: Nishit Majithia (0xnishit) => Mark Esler (eslerm)

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.

  ps3 sixasis controller request pin to connect to bt

Status in bluez package in Ubuntu:
  Won't Fix

Bug description:
  Once my Ubuntu updated bluez package to 5.64-0ubuntu1.1 I was not able
  to connect my PS3 Sixasis controller via bluetooth. It is aking to
  enter a PIN in the device (not possible to enter a pin in the

  Source pacakge (from "apt list -a bluez"):

  bluez/jammy-updates,jammy-security 5.64-0ubuntu1.1 amd64

  Once downgraded to 5.64-0ubuntu1 version, gamepad connects OK again
  without asking for a connection PIN.

  Ubuntu release:
  Description:  Ubuntu 22.04.3 LTS
  Release:      22.04

  Package version:
    Installed: 5.64-0ubuntu1.1

  Expected to happen:
  Connect PS3 Controller by Bluetooth without asking for a PIN code

  Happened instead:
  PS3 Controller cannot connect because PIN code is requested

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to