CVE-2017-5217
Vulnerability from cvelistv5
Published
2017-01-09 08:48
Modified
2024-08-05 14:55
Severity ?
Summary
Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
          },
          {
            "name": "95319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-10T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
        },
        {
          "name": "95319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5217",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
              "refsource": "CONFIRM",
              "url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
            },
            {
              "name": "95319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5217",
    "datePublished": "2017-01-09T08:48:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68B4FF3D-35CC-4E86-A6EE-D065D654FC4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A13E2E2D-41E2-4CF7-A019-6B462A614271\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD99CD57-C55D-4812-8F9C-5ACE7555C086\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABD6EA64-6B65-4487-914F-9EF9CBB78211\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917.\"}, {\"lang\": \"es\", \"value\": \"La instalaci\\u00f3n de una aplicaci\\u00f3n Android de cero permisos en ciertos dispositivos Samsung con software KK(4.4), L(5.0/5.1) y M(6.0) puede bloquear continuamente el proceso system_server en el SO Android. La aplicaci\\u00f3n de cero permisos crear\\u00e1 una sesi\\u00f3n de instalaci\\u00f3n activa para una aplicaci\\u00f3n separada que tiene embebida. La sesi\\u00f3n de instalaci\\u00f3n activa de la aplicaci\\u00f3n embebida se realiza usando la clase android.content.pm.PackageInstaller y sus clases anidadas en la API de Android. La instalaci\\u00f3n activa escribir\\u00e1 el archivo APK embebido en el directorio /data/app, pero la aplicaci\\u00f3n no se instalar\\u00e1 ya que las aplicaciones de terceros no pueden instalar aplicaciones de forma programada. Samsung ha modificado AOSP para acelerar el an\\u00e1lisis de APKs introduciendo la clase com.android.server.pm.PackagePrefetcher y sus clases anidadas. Estas clases analizar\\u00e1n las APKs presentes en el directorio /data/app y otros directorios, incluso si la aplicaci\\u00f3n no est\\u00e1 instalada actualmente. El APK embebido que se escribi\\u00f3 en el directorio /data/app a trav\\u00e9s de la sesi\\u00f3n de instalaci\\u00f3n activada tiene un archivo AndroidManifest.xml muy extenso pero v\\u00e1lido. Espec\\u00edficamente, el archivo AndroidManifest.xml contiene un valor de cadena muy grande para el nombre de un \\u00e1rbol de permisos que declara. Cuando system_server intenta analizar el archivo APK de la aplicaci\\u00f3n embebida de la sesi\\u00f3n de instalaci\\u00f3n activa, se bloquear\\u00e1 debido a un error no detectado (java.lang.OutOfMemoryError) o una excepci\\u00f3n no detectada (std::bad_alloc) por restricciones de memoria. El dispositivo Samsung Android se encontrar\\u00e1 con un reinicio suave debido a un fallo de system_server, y esta acci\\u00f3n se repetir\\u00e1 debido a que el an\\u00e1lisis de los APK en el directorio /data/app realizado a trav\\u00e9s de system_server, es parte del funcionamiento normal. La ID de Samsung es SVE-2016-6917.\"}]",
      "id": "CVE-2017-5217",
      "lastModified": "2024-11-21T03:27:18.367",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-01-09T08:59:00.247",
      "references": "[{\"url\": \"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95319\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95319\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5217\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-09T08:59:00.247\",\"lastModified\":\"2024-11-21T03:27:18.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917.\"},{\"lang\":\"es\",\"value\":\"La instalaci\u00f3n de una aplicaci\u00f3n Android de cero permisos en ciertos dispositivos Samsung con software KK(4.4), L(5.0/5.1) y M(6.0) puede bloquear continuamente el proceso system_server en el SO Android. La aplicaci\u00f3n de cero permisos crear\u00e1 una sesi\u00f3n de instalaci\u00f3n activa para una aplicaci\u00f3n separada que tiene embebida. La sesi\u00f3n de instalaci\u00f3n activa de la aplicaci\u00f3n embebida se realiza usando la clase android.content.pm.PackageInstaller y sus clases anidadas en la API de Android. La instalaci\u00f3n activa escribir\u00e1 el archivo APK embebido en el directorio /data/app, pero la aplicaci\u00f3n no se instalar\u00e1 ya que las aplicaciones de terceros no pueden instalar aplicaciones de forma programada. Samsung ha modificado AOSP para acelerar el an\u00e1lisis de APKs introduciendo la clase com.android.server.pm.PackagePrefetcher y sus clases anidadas. Estas clases analizar\u00e1n las APKs presentes en el directorio /data/app y otros directorios, incluso si la aplicaci\u00f3n no est\u00e1 instalada actualmente. El APK embebido que se escribi\u00f3 en el directorio /data/app a trav\u00e9s de la sesi\u00f3n de instalaci\u00f3n activada tiene un archivo AndroidManifest.xml muy extenso pero v\u00e1lido. Espec\u00edficamente, el archivo AndroidManifest.xml contiene un valor de cadena muy grande para el nombre de un \u00e1rbol de permisos que declara. Cuando system_server intenta analizar el archivo APK de la aplicaci\u00f3n embebida de la sesi\u00f3n de instalaci\u00f3n activa, se bloquear\u00e1 debido a un error no detectado (java.lang.OutOfMemoryError) o una excepci\u00f3n no detectada (std::bad_alloc) por restricciones de memoria. El dispositivo Samsung Android se encontrar\u00e1 con un reinicio suave debido a un fallo de system_server, y esta acci\u00f3n se repetir\u00e1 debido a que el an\u00e1lisis de los APK en el directorio /data/app realizado a trav\u00e9s de system_server, es parte del funcionamiento normal. La ID de Samsung es SVE-2016-6917.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68B4FF3D-35CC-4E86-A6EE-D065D654FC4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A13E2E2D-41E2-4CF7-A019-6B462A614271\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD99CD57-C55D-4812-8F9C-5ACE7555C086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD6EA64-6B65-4487-914F-9EF9CBB78211\"}]}]}],\"references\":[{\"url\":\"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95319\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.