Details of VAR-201208-0355

ID

VAR-201208-0355

CVE

CVE-2012-2980

TITLE

Samsung and HTC android phone information disclosure vulnerability

Trust: 0.8

sources: CERT/CC: VU#251635

DESCRIPTION

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. Samsung and HTC Made Android Certain terminals have a vulnerability in which information entered by the user is leaked. Samsung and HTC Made Android The information entered by the user is stored on a specific device model. dmseg There are vulnerabilities that can be referenced using commands.The phone number entered by the user by a third party PIN A number may be obtained. Users who have access to the affected device and can execute the dmesg application can view the dmesg buffer data without root or administrator privileges. May be used to read PIN numbers, short messages, phone numbers, etc. Multiple Samsung and HTC Devices are prone to an information-disclosure vulnerability. Successful attacks can allow an attacker to obtain sensitive information that may aid in further attacks

Trust: 3.15

sources: NVD: CVE-2012-2980 // CERT/CC: VU#251635 // JVNDB: JVNDB-2012-003815 // CNVD: CNVD-2012-4327 // BID: 55047

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4327

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy s	scope:	eq	version:	-	Trust: 1.6
vendor:	samsung	model:	galaxy s	scope:	-	version:	-	Trust: 1.4
vendor:	htc	model:	merge	scope:	-	version:	-	Trust: 1.4
vendor:	sprint	model:	evo shift 4g	scope:	-	version:	-	Trust: 1.4
vendor:	htc	model:	merge	scope:	eq	version:	-	Trust: 1.0
vendor:	htc	model:	desire	scope:	eq	version:	-	Trust: 1.0
vendor:	t mobile	model:	mytouch 3g slide	scope:	eq	version:	-	Trust: 1.0
vendor:	t mobile	model:	g2	scope:	eq	version:	-	Trust: 1.0
vendor:	att	model:	status	scope:	eq	version:	-	Trust: 1.0
vendor:	htc	model:	chacha	scope:	eq	version:	-	Trust: 1.0
vendor:	t mobile	model:	mytouch 4g slide	scope:	eq	version:	-	Trust: 1.0
vendor:	sprint	model:	evo shift 4g	scope:	eq	version:	-	Trust: 1.0
vendor:	htc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	at t	model:	at&t status	scope:	-	version:	-	Trust: 0.8
vendor:	htc	model:	chacha	scope:	-	version:	-	Trust: 0.8
vendor:	htc	model:	desire	scope:	eq	version:	z	Trust: 0.8
vendor:	t mobile	model:	t-mobile g2	scope:	-	version:	-	Trust: 0.8
vendor:	t mobile	model:	t-mobile mytouch 3g slide	scope:	-	version:	-	Trust: 0.8
vendor:	t mobile	model:	t-mobile mytouch 4g slide	scope:	-	version:	-	Trust: 0.8
vendor:	t mobile	model:	mytouch 4g slide	scope:	-	version:	-	Trust: 0.6
vendor:	htc	model:	desire z t-mobile g2	scope:	-	version:	-	Trust: 0.6
vendor:	t mobile	model:	mytouch 3g slide	scope:	-	version:	-	Trust: 0.6

sources: CERT/CC: VU#251635 // CNVD: CNVD-2012-4327 // JVNDB: JVNDB-2012-003815 // CNNVD: CNNVD-201208-311 // NVD: CVE-2012-2980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2980
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-2980
value:	MEDIUM
Trust: 0.8
NVD:	CVE-2012-2980
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201208-311
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2012-2980
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2012-2980
severity:	MEDIUM
baseScore:	4.4
vectorString:	NONE
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: CERT/CC: VU#251635 // JVNDB: JVNDB-2012-003815 // CNNVD: CNNVD-201208-311 // NVD: CVE-2012-2980

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2012-003815 // NVD: CVE-2012-2980

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-311

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201208-311

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003815

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#251635

PATCH

title:	Top Page	url:	http://www.att.com/	Trust: 0.8
title:	Application security fix	url:	http://www.htc.com/www/help/app-security-fix/	Trust: 0.8
title:	Top Page	url:	http://www.sprint.com/	Trust: 0.8
title:	Top Page	url:	http://www.t-mobile.com/	Trust: 0.8
title:	Top Page	url:	http://www.samsung.com/jp/	Trust: 0.8
title:	Patch for Samsung and HTC Device Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/19893	Trust: 0.6

sources: CNVD: CNVD-2012-4327 // JVNDB: JVNDB-2012-003815

EXTERNAL IDS

db:	CERT/CC	id:	VU#251635	Trust: 3.8
db:	NVD	id:	CVE-2012-2980	Trust: 3.3
db:	BID	id:	55047	Trust: 0.9
db:	JVNDB	id:	JVNDB-2012-003815	Trust: 0.8
db:	CNVD	id:	CNVD-2012-4327	Trust: 0.6
db:	CNNVD	id:	CNNVD-201208-311	Trust: 0.6

sources: CERT/CC: VU#251635 // CNVD: CNVD-2012-4327 // BID: 55047 // JVNDB: JVNDB-2012-003815 // CNNVD: CNNVD-201208-311 // NVD: CVE-2012-2980

REFERENCES

url:	http://www.kb.cert.org/vuls/id/251635	Trust: 3.0
url:	http://www.htc.com/www/help/app-security-fix/	Trust: 2.4
url:	http://www.kb.cert.org/vuls/id/mapg-8r5ld6	Trust: 2.4
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2980	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu251635	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2980	Trust: 0.8
url:	http://www.securityfocus.com/bid/55047	Trust: 0.6
url:	http://www.samsung.com/	Trust: 0.3

sources: CERT/CC: VU#251635 // CNVD: CNVD-2012-4327 // BID: 55047 // JVNDB: JVNDB-2012-003815 // CNNVD: CNNVD-201208-311 // NVD: CVE-2012-2980

CREDITS

Glenn ten Cate

Trust: 0.9

sources: BID: 55047 // CNNVD: CNNVD-201208-311

SOURCES

db:	CERT/CC	id:	VU#251635
db:	CNVD	id:	CNVD-2012-4327
db:	BID	id:	55047
db:	JVNDB	id:	JVNDB-2012-003815
db:	CNNVD	id:	CNNVD-201208-311
db:	NVD	id:	CVE-2012-2980

LAST UPDATE DATE

2024-11-23T23:02:54.119000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#251635	date:	2012-08-24T00:00:00
db:	CNVD	id:	CNVD-2012-4327	date:	2012-08-20T00:00:00
db:	BID	id:	55047	date:	2012-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2012-003815	date:	2012-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201208-311	date:	2012-08-20T00:00:00
db:	NVD	id:	CVE-2012-2980	date:	2024-11-21T01:40:03.917

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#251635	date:	2012-08-16T00:00:00
db:	CNVD	id:	CNVD-2012-4327	date:	2012-08-20T00:00:00
db:	BID	id:	55047	date:	2012-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2012-003815	date:	2012-08-24T00:00:00
db:	CNNVD	id:	CNNVD-201208-311	date:	2012-08-20T00:00:00
db:	NVD	id:	CVE-2012-2980	date:	2012-08-21T10:46:10.513