CVE-2017-5217
https://notcve.org/view.php?id=CVE-2017-5217
Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes.
• http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017
• http://www.securityfocus.com/bid/95319
• CWE-20: Improper Input Validation
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9965
https://notcve.org/view.php?id=CVE-2016-9965
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119.
• http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016
• http://www.securityfocus.com/bid/94955
• CWE-388: 7PK - Errors
CVE-2016-9967
https://notcve.org/view.php?id=CVE-2016-9967
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121.
• http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016
• http://www.securityfocus.com/bid/94955
• CWE-388: 7PK - Errors
CVE-2016-9966
https://notcve.org/view.php?id=CVE-2016-9966
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120.
• http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016
• http://www.securityfocus.com/bid/94955
• CWE-388: 7PK - Errors
CVE-2016-9567
https://notcve.org/view.php?id=CVE-2016-9567
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
• http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016
• http://www.securityfocus.com/bid/94494
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor