PT-2017-8058 · Samsung · Samsung Kernel

Aristide Fattori

Publicado

2017-04-13

Atualizado

2017-04-25

CVE-2016-2567

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Samsung kernel for Android versions on SM-N9005 build N9005XXUGBOB6 and SM-G920F build G920FXXU2COH2

Description The issue allows attackers to bypass URL filtering by inserting an exceptional URL in the query string. For example, the URL 'http://should-have-been-filtered.example.com/?http://google.com' can be used to bypass filtering.

Recommendations For SM-N9005 build N9005XXUGBOB6, update the software to a version that fixes this issue. For SM-G920F build G920FXXU2COH2, update the software to a version that fixes this issue. As a temporary workaround, consider restricting access to URLs that contain query strings with exceptional URLs until a patch is available.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2016-2567

Produtos afetados

Samsung Kernel

PT-2017-8058 · Samsung · Samsung Kernel

CVE-2016-2567

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3