CERTA-2012-ALE-008
Vulnerability from certfr_alerte - Published: - Updated:
Une vulnérabilité a été découverte sur des terminaux équipés du composant «Exynos 4» (Exynos 4210 ou Exynos 4412) de Samsung. Le pilote de ce composant permet à une application d'élever ses privilèges sur le système et d'exécuter du code en tant qu'administrateur (root).
La liste des systèmes affectés pourrait potentiellement être étendue à des terminaux d'autres marques équipés du composant «Exynos 4» et du pilote Samsung correspondant.
Solution
Le CERTA recommande l'installation de la version 4.1.2 (compilation JZO54K) du système Android corrigeant cette vulnérabilité.
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Samsung Galaxy Note ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy Note 2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy S3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy S2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Galaxy Note 10.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2012-12-18",
"content": "## Solution\n\nLe CERTA recommande l\u0027installation de la version 4.1.2 (compilation\nJZO54K) du syst\u00e8me Android corrigeant cette vuln\u00e9rabilit\u00e9.\n",
"cves": [],
"links": [],
"reference": "CERTA-2012-ALE-008",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte sur des terminaux \u00e9quip\u00e9s du\ncomposant \u00abExynos 4\u00bb (\u003cspan class=\"textit\"\u003eExynos 4210\u003c/span\u003e ou \u003cspan\nclass=\"textit\"\u003eExynos 4412\u003c/span\u003e) de Samsung. Le pilote de ce composant\npermet \u00e0 une application d\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me et\nd\u0027ex\u00e9cuter du code en tant qu\u0027administrateur (\u003cspan\nclass=\"textit\"\u003eroot\u003c/span\u003e).\n\nLa liste des syst\u00e8mes affect\u00e9s pourrait potentiellement \u00eatre \u00e9tendue \u00e0\ndes terminaux d\u0027autres marques \u00e9quip\u00e9s du composant \u00abExynos 4\u00bb et du\npilote Samsung correspondant.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans certains terminaux Samsung",
"vendor_advisories": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…