CVE-2015-8612

HIGH

Blueman <2.0.3 - Privilege Escalation

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-8612. PoCs published by Metasploit, Sebastian Krahmer, bcoles, including Metasploit module exploits/linux/local/blueman_set_dhcp_handler_dbus_priv_esc.

AI-analyzed exploit summary: This Metasploit module exploits a Python code injection vulnerability in blueman (CVE-2015-8612) via the `set_dhcp_handler` D-Bus function, which uses unsanitized user input in an `eval` call, leading to arbitrary command execution as root.

Description

The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/46186

This Metasploit module exploits a Python code injection vulnerability in blueman (CVE-2015-8612) via the `set_dhcp_handler` D-Bus function, which uses unsanitized user input in an `eval` call, leading to arbitrary command execution as root.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: blueman < 2.0.3
No auth needed
Prerequisites: dbus-send installed · blueman service running · D-Bus access to org.blueman.Mechanism
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by Sebastian Krahmer, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/blueman_set_dhcp_handler_dbus_priv_esc.rb

This Metasploit module exploits a Python code injection vulnerability in blueman versions prior to 2.0.3 via the `set_dhcp_handler` D-Bus interface, which uses unsanitized user input in an `eval` call, leading to arbitrary code execution as root.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: blueman < 2.0.3
No auth needed
Prerequisites: dbus-send installed · vulnerable blueman version · access to D-Bus system bus
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/79688
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3427
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46186/
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/12/18/6
Issue Tracking x_refsource_confirm
https://github.com/blueman-project/blueman/issues/416
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/12/19/1

Scores

CVSS v3 8.4
EPSS 0.2311
EPSS Percentile 96.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status published
Products (1)
blueman_project/blueman < 2.0
Published Jan 08, 2016
Tracked Since Feb 18, 2026