VAR-201912-1596
Vulnerability from variot - Updated: 2023-12-18 13:37Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. Samsung Galaxy S3/S4 Contains an improper default permissions vulnerability.Information may be altered. The Samsung Galaxy S3 and S4 are prone to a local security-bypass vulnerability. An attacker with local physical access to a device can exploit this issue to bypass certain security restriction and perform unauthorized actions. Hi list, I would like to inform you that the details of the vulnerability in built-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763 and CVE-2013-4764) are now disclosed to public. By exploiting these unprotected components, an unprivileged app can trigger a so-called \x93restore\x94 operation to write SMS messages back to the standard SMS database file (mmssms.db) used by the system messaging app, i.e., SecMms.apk. Similarly, fake MMS messages and call logs are also possible. This vulnerability has been disclosed in CVE-2013-4763.
Also, these components can be sequentially triggered in a specific order to create arbitrary SMS content, inject to system-wide SMS database, and then trigger the built-in SMS-sending behavior (to arbitrary destination). This vulnerability has been disclosed in CVE-2013-4764.
QIHU Inc. discovered these vulnerability and informed Samsung Corp. in June 10, 2013. Samsung confirmed the vulerability and is now preparing an OTA update. As a temporary workaround, disable the sCloudBackupProvider.apk app would help block known attack vectors.
Details of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU Inc.'s official site: http://shouji.360.cn/securityReportlist/CVE-2013-4763.html http://shouji.360.cn/securityReportlist/CVE-2013-4764.html
Regards, Z.X. from QIHU Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "galaxy s3",
"scope": "eq",
"trust": 2.2,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4",
"scope": "eq",
"trust": 2.2,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s3",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s4",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "galaxy s iii",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "scloudbackupprovider.apk",
"scope": "eq",
"trust": 0.3,
"vendor": "jdsingle76",
"version": "1.4"
},
{
"model": "scloudbackupprovider.apk",
"scope": "eq",
"trust": 0.3,
"vendor": "jdsingle76",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "61280"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:galaxy_s3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4763"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Z.X. of QIHU Inc.",
"sources": [
{
"db": "BID",
"id": "61280"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4763",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-4763",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-4763",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4763",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-1173",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. Samsung Galaxy S3/S4 Contains an improper default permissions vulnerability.Information may be altered. The Samsung Galaxy S3 and S4 are prone to a local security-bypass vulnerability. \nAn attacker with local physical access to a device can exploit this issue to bypass certain security restriction and perform unauthorized actions. Hi list,\nI would like to inform you that the details of the vulnerability in\nbuilt-in system app of Samsung Galaxy S3/S4 (assigned as CVE-2013-4763\nand CVE-2013-4764) are now disclosed to public. By exploiting these unprotected components, an\nunprivileged app can trigger a so-called \\x93restore\\x94 operation to write\nSMS messages back to the standard SMS database file (mmssms.db) used\nby the system messaging app, i.e., SecMms.apk. Similarly, fake MMS messages and call logs are also\npossible. This vulnerability has been disclosed in CVE-2013-4763. \n\nAlso, these components can be sequentially triggered in a specific\norder to create arbitrary SMS content, inject to system-wide SMS\ndatabase, and then trigger the built-in SMS-sending behavior (to\narbitrary destination). This vulnerability has been disclosed in\nCVE-2013-4764. \n\nQIHU Inc. discovered these vulnerability and informed Samsung Corp. in\nJune 10, 2013. Samsung confirmed the vulerability and is now preparing\nan OTA update. As a temporary workaround, disable the\nsCloudBackupProvider.apk app would help block known attack vectors. \n\nDetails of CVE-2013-4763 and CVE-2013-4764 can be also found in QIHU\nInc.\u0027s official site:\nhttp://shouji.360.cn/securityReportlist/CVE-2013-4763.html\nhttp://shouji.360.cn/securityReportlist/CVE-2013-4764.html\n\nRegards,\nZ.X. from QIHU Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "BID",
"id": "61280"
},
{
"db": "PACKETSTORM",
"id": "122428"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4763",
"trust": 2.8
},
{
"db": "BID",
"id": "61280",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007051",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1173",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "122428",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "61280"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "PACKETSTORM",
"id": "122428"
},
{
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"id": "VAR-201912-1596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7951389
},
"last_update_date": "2023-12-18T13:37:59.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.samsung.com/global/galaxy/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "NVD",
"id": "CVE-2013-4763"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.securityfocus.com/bid/61280"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4763"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4763"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.3,
"url": "http://www.androidfilehost.com/?fid=13858035414129967185"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/jul/107"
},
{
"trust": 0.1,
"url": "http://shouji.360.cn/securityreportlist/cve-2013-4764.html"
},
{
"trust": 0.1,
"url": "http://shouji.360.cn/securityreportlist/cve-2013-4763.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4764"
}
],
"sources": [
{
"db": "BID",
"id": "61280"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "PACKETSTORM",
"id": "122428"
},
{
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "61280"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"db": "PACKETSTORM",
"id": "122428"
},
{
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-17T00:00:00",
"db": "BID",
"id": "61280"
},
{
"date": "2020-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"date": "2013-07-17T00:10:22",
"db": "PACKETSTORM",
"id": "122428"
},
{
"date": "2019-12-27T17:15:15.297000",
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"date": "2019-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-17T00:00:00",
"db": "BID",
"id": "61280"
},
{
"date": "2020-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007051"
},
{
"date": "2020-01-10T13:48:57.043000",
"db": "NVD",
"id": "CVE-2013-4763"
},
{
"date": "2020-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "61280"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy S3/S4 Inadequate default permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007051"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1173"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…