PT-2017-8058 · Samsung · Samsung Kernel

Aristide Fattori

Published

2017-04-13

Updated

2017-04-25

CVE-2016-2567

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Samsung kernel for Android versions on SM-N9005 build N9005XXUGBOB6 and SM-G920F build G920FXXU2COH2

Description The issue allows attackers to bypass URL filtering by inserting an exceptional URL in the query string. For example, the URL 'http://should-have-been-filtered.example.com/?http://google.com' can be used to bypass filtering.

Recommendations For SM-N9005 build N9005XXUGBOB6, update the software to a version that fixes this issue. For SM-G920F build G920FXXU2COH2, update the software to a version that fixes this issue. As a temporary workaround, consider restricting access to URLs that contain query strings with exceptional URLs until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-2567

Affected Products

Samsung Kernel

PT-2017-8058 · Samsung · Samsung Kernel

CVE-2016-2567

Weakness Enumeration

Related Identifiers

Affected Products

References · 3