ID

VAR-201201-0284


CVE

CVE-2011-4703


TITLE

Limit My Call Remote Unauthorized Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-0413 // BID: 51693

DESCRIPTION

The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. Nathaniel Kh Limit My Call is a web phone. Nathaniel Kh Limit My Call has a security vulnerability that allows malicious applications to access and modify user contacts and corresponding call records. Limit My Call is prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to access and manipulate user's contacts and calling logs. Limit My Call 2.11 is vulnerable; other versions may also be affected.

TITLE: Limit My Call for Android Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA48420
VERIFY ADVISORY: http://secunia.com/advisories/48420/
RELEASE DATE: 2012-03-16
DESCRIPTION: AppSec has reported a vulnerability in Limit My Call for Android, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires that a malicious application is installed. The vulnerability is reported in version 2.11.
SOLUTION: Update to version 2.12.
PROVIDED AND/OR DISCOVERED BY: Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang.
ORIGINAL ADVISORY: AppSec: http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html
Limit My Call: http://nathanielkh.wordpress.com/android-app/limit-my-call/

Trust: 2.61

sources: NVD: CVE-2011-4703 // JVNDB: JVNDB-2012-001208 // CNVD: CNVD-2012-0413 // BID: 51693 // VULMON: CVE-2011-4703 // PACKETSTORM: 110879

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-0413

AFFECTED PRODUCTS

vendor: nathanielkh, model: limit my call, scope: eq, version: 2.11

Trust: 1.6

vendor: nathaniel, model: kh limit my call, scope: eq, version: 2.11

Trust: 0.9

vendor: nathaniel kh, model: limit my call, scope: eq, version: 2.11

Trust: 0.8

sources: CNVD: CNVD-2012-0413 // BID: 51693 // JVNDB: JVNDB-2012-001208 // CNNVD: CNNVD-201201-349 // NVD: CVE-2011-4703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4703
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4703
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-349
value: MEDIUM

Trust: 0.6

VULMON: CVE-2011-4703
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4703
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2011-4703 // JVNDB: JVNDB-2012-001208 // CNNVD: CNNVD-201201-349 // NVD: CVE-2011-4703

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2012-001208 // NVD: CVE-2011-4703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-349

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201201-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001208

PATCH

title: Top Page, url: http://nathanielkh.wordpress.com/android-app/limit-my-call/

Trust: 0.8

sources: JVNDB: JVNDB-2012-001208

EXTERNAL IDS

db: NVD, id: CVE-2011-4703

Trust: 3.5

db: JVNDB, id: JVNDB-2012-001208

Trust: 0.8

db: CNVD, id: CNVD-2012-0413

Trust: 0.6

db: CNNVD, id: CNNVD-201201-349

Trust: 0.6

db: BID, id: 51693

Trust: 0.4

db: SECUNIA, id: 48420

Trust: 0.2

db: VULMON, id: CVE-2011-4703

Trust: 0.1

db: PACKETSTORM, id: 110879

Trust: 0.1

sources: CNVD: CNVD-2012-0413 // VULMON: CVE-2011-4703 // BID: 51693 // JVNDB: JVNDB-2012-001208 // PACKETSTORM: 110879 // CNNVD: CNNVD-201201-349 // NVD: CVE-2011-4703

REFERENCES

url:http://www4.comp.polyu.edu.hk/~appsec/bugs/cve-2011-4703-vulnerability-in-limitmycall.html

Trust: 3.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4703

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4703

Trust: 0.8

url:http://www.androidzoom.com/android_applications/communication/limit-my-call_jdty.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/51693

Trust: 0.1

url:http://nathanielkh.wordpress.com/android-app/limit-my-call/

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/48420/#comments

Trust: 0.1

url:http://secunia.com/advisories/48420/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48420

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-0413 // VULMON: CVE-2011-4703 // BID: 51693 // JVNDB: JVNDB-2012-001208 // PACKETSTORM: 110879 // CNNVD: CNNVD-201201-349 // NVD: CVE-2011-4703

CREDITS

Daoyuan Wu, Xiapu Luo and Rocky K. C. Chang

Trust: 0.3

sources: BID: 51693

SOURCES

db: CNVD, id: CNVD-2012-0413
db: VULMON, id: CVE-2011-4703
db: BID, id: 51693
db: JVNDB, id: JVNDB-2012-001208
db: PACKETSTORM, id: 110879
db: CNNVD, id: CNNVD-201201-349
db: NVD, id: CVE-2011-4703

LAST UPDATE DATE

2024-11-23T20:34:11.255000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-0413, date: 2012-02-07T00:00:00
db: VULMON, id: CVE-2011-4703, date: 2012-05-13T00:00:00
db: BID, id: 51693, date: 2012-01-26T00:00:00
db: JVNDB, id: JVNDB-2012-001208, date: 2012-01-27T00:00:00
db: CNNVD, id: CNNVD-201201-349, date: 2012-01-31T00:00:00
db: NVD, id: CVE-2011-4703, date: 2024-11-21T01:32:49.280

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-0413, date: 2012-02-07T00:00:00
db: VULMON, id: CVE-2011-4703, date: 2012-01-25T00:00:00
db: BID, id: 51693, date: 2012-01-26T00:00:00
db: JVNDB, id: JVNDB-2012-001208, date: 2012-01-27T00:00:00
db: PACKETSTORM, id: 110879, date: 2012-03-16T01:28:38
db: CNNVD, id: CNNVD-201201-349, date: 2012-01-31T00:00:00
db: NVD, id: CVE-2011-4703, date: 2012-01-25T04:03:27.830