CERTA-2012-ALE-008
Vulnerability from certfr_alerte
Une vulnérabilité a été découverte sur des terminaux équipés du composant «Exynos 4» (Exynos 4210 ou Exynos 4412) de Samsung. Le pilote de ce composant permet à une application d'élever ses privilèges sur le système et d'exécuter du code en tant qu'administrateur (root).
La liste des systèmes affectés pourrait potentiellement être étendue à des terminaux d'autres marques équipés du composant «Exynos 4» et du pilote Samsung correspondant.
Solution
Le CERTA recommande l'installation de la version 4.1.2 (compilation JZO54K) du système Android corrigeant cette vulnérabilité.
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Samsung Galaxy Note ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy Note 2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy S3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy S2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy Note 10.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2012-12-18",
"content": "## Solution\n\nLe CERTA recommande l\u0027installation de la version 4.1.2 (compilation\nJZO54K) du syst\u00e8me Android corrigeant cette vuln\u00e9rabilit\u00e9.\n",
"cves": [],
"initial_release_date": "2012-12-18T00:00:00",
"last_revision_date": "2012-12-18T00:00:00",
"links": [],
"reference": "CERTA-2012-ALE-008",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte sur des terminaux \u00e9quip\u00e9s du\ncomposant \u00abExynos 4\u00bb (\u003cspan class=\"textit\"\u003eExynos 4210\u003c/span\u003e ou \u003cspan\nclass=\"textit\"\u003eExynos 4412\u003c/span\u003e) de Samsung. Le pilote de ce composant\npermet \u00e0 une application d\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me et\nd\u0027ex\u00e9cuter du code en tant qu\u0027administrateur (\u003cspan\nclass=\"textit\"\u003eroot\u003c/span\u003e).\n\nLa liste des syst\u00e8mes affect\u00e9s pourrait potentiellement \u00eatre \u00e9tendue \u00e0\ndes terminaux d\u0027autres marques \u00e9quip\u00e9s du composant \u00abExynos 4\u00bb et du\npilote Samsung correspondant.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans certains terminaux Samsung",
"vendor_advisories": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…