CVE-2015-7890 – Samsung - 'seiren' Kernel Driver Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-7890
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. Múltiples desbordamientos de búfer en la función esa_write en el archivo /dev/seirenin en el controlador Exynos Seiren Audio, como es usado en Samsung S6 Edge, permiten a usuarios locales causar una denegación de servicio (corrupción de memoria) por medio de un parámetro (1) buffer o (2) size de gran tamaño • https://www.exploit-db.com/exploits/38556 http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html https://code.google.com/p/google-security-research/issues/detail?id=491 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2015-7889 – Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
https://notcve.org/view.php?id=CVE-2015-7889
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. La aplicación SecEmailComposer/EmailComposer en Samsung S6 Edge, en versiones anteriores a la October 2015 MR, utiliza permisos débiles para la acción de servicio com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND. Esto puede permitir que atacantes remotos que conozcan la dirección de email local obtengan información sensible mediante una aplicación manipulada que envíe un intent manipulado. The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content. • https://www.exploit-db.com/exploits/38558 http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html http://www.securityfocus.com/bid/77339 https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1 • CWE-275: Permission Issues •
CVE-2015-7888 – Samsung WifiHs20UtilityService Path Traversal
https://notcve.org/view.php?id=CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. Vulnerabilidad de salto de directorio en WifiHs20UtilityService en el Samsung S6 Edge LRX22G.G925VVRU1AOE2, permite a atacantes remotos sobrescribir o crear archivos arbitrarios como un usuario a nivel de sistema a través de .. (punto punto) en un archivo comprimido en Cred.zip, y descargado en /sdcard/Download. A path traversal vulnerability was found in the WifiHs20UtilityService. • http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html http://www.securityfocus.com/bid/77338 https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •