Sign-up

ID

VAR-201506-0179


CVE

CVE-2015-4640


TITLE

Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates

Trust: 0.8

sources: CERT/CC: VU#155412

DESCRIPTION

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) By HTTP If the response is changed, it may be written to the language pack file. Samsung Galaxy S4 and so on are all smart mobile devices released by South Korea's Samsung. There are security vulnerabilities in the implementation of the SwiftKey language-pack upgrade for several Samsung Galaxy devices. Since the program uses HTTP to connect to the skslm.swiftkey.net server. SwiftKey is prone to a security-bypass vulnerability. Other attacks are also possible

Trust: 3.15

sources: NVD: CVE-2015-4640 // CERT/CC: VU#155412 // JVNDB: JVNDB-2015-003229 // CNVD: CNVD-2015-04020 // BID: 75347

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04020

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy s4scope: - version: -

Trust: 1.4

vendor:samsungmodel:galaxy s5scope: - version: -

Trust: 1.4

vendor:samsungmodel:galaxy s4 miniscope: - version: -

Trust: 1.4

vendor:samsungmodel:galaxy s6scope: - version: -

Trust: 1.4

vendor:swiftkeymodel:sdkscope: - version: -

Trust: 1.4

vendor:swiftkeymodel:sdkscope:eqversion:*

Trust: 1.0

vendor:samsungmodel: - scope: - version: -

Trust: 0.8

vendor:swiftkeymodel:sdkscope:eqversion:0

Trust: 0.3

vendor:samsungmodel:galaxy s6scope:eqversion:0

Trust: 0.3

vendor:samsungmodel:galaxy s5scope:eqversion:0

Trust: 0.3

vendor:samsungmodel:galaxy s4 miniscope:eqversion:0

Trust: 0.3

vendor:samsungmodel:galaxy s4scope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#155412 // CNVD: CNVD-2015-04020 // BID: 75347 // JVNDB: JVNDB-2015-003229 // CNNVD: CNNVD-201506-340 // NVD: CVE-2015-4640

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4640
value: LOW

Trust: 1.0

NVD: CVE-2015-4640
value: LOW

Trust: 0.8

CNVD: CNVD-2015-04020
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-340
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2015-4640
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04020
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-04020 // JVNDB: JVNDB-2015-003229 // CNNVD: CNNVD-201506-340 // NVD: CVE-2015-4640

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-003229 // NVD: CVE-2015-4640

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201506-340

TYPE

Design Error

Trust: 0.3

sources: BID: 75347

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003229

PATCH
title:Information Regarding the Keyboard Security Issue and Our Device Policy Updateurl:http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/
Trust: 0.8
title:Is my Samsung device open to a security hack or vulnerability through the keyboard?url:https://support.swiftkey.com/hc/en-us/articles/203483421
Trust: 0.8
title:Patches for multiple Samsung Galaxy device man-in-the-middle attacksurl:https://www.cnvd.org.cn/patchInfo/show/60051
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04020 // 
            
            
            
            JVNDB: JVNDB-2015-003229

EXTERNAL IDS
db:CERT/CCid:VU#155412
Trust: 3.8
db:NVDid:CVE-2015-4640
Trust: 3.3
db:BIDid:75347
Trust: 1.3
db:JVNid:JVNVU94598171
Trust: 0.8
db:JVNDBid:JVNDB-2015-003229
Trust: 0.8
db:CNVDid:CNVD-2015-04020
Trust: 0.6
db:CNNVDid:CNNVD-201506-340
Trust: 0.6
sources:
            
            
            CERT/CC: VU#155412 // 
            
            
            
            CNVD: CNVD-2015-04020 // 
            
            
            
            BID: 75347 // 
            
            
            
            JVNDB: JVNDB-2015-003229 // 
            
            
            
            CNNVD: CNNVD-201506-340 // 
            
            
            
            NVD: CVE-2015-4640

REFERENCES
url:https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
Trust: 3.5
url:https://www.nowsecure.com/keyboard-vulnerability/
Trust: 3.3
url:http://www.kb.cert.org/vuls/id/155412
Trust: 3.0
url:http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
Trust: 2.4
url:https://github.com/nowsecure/samsung-ime-rce-poc/
Trust: 1.6
url:http://www.securityfocus.com/bid/75347
Trust: 1.0
url:https://www.nowsecure.com/blog/2015/06/23/on-detecting-and-preventing-the-samsung-ime-keyboard-swiftkey-language-pack-update-vulnerability/
Trust: 0.8
url:http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/
Trust: 0.8
url:http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/
Trust: 0.8
url:https://www.blackhat.com/ldn-15/summit.html#abusing-android-apps-and-gaining-remote-code-execution
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/300.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4640
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94598171/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4640
Trust: 0.8
url:http://www.samsung.com/
Trust: 0.3
sources:
            
            
            CERT/CC: VU#155412 // 
            
            
            
            CNVD: CNVD-2015-04020 // 
            
            
            
            BID: 75347 // 
            
            
            
            JVNDB: JVNDB-2015-003229 // 
            
            
            
            CNNVD: CNNVD-201506-340 // 
            
            
            
            NVD: CVE-2015-4640

CREDITS
Ryan Welton and Ted Eull of NowSecure
Trust: 0.3
sources:
            
            
            BID: 75347

SOURCES
db:CERT/CCid:VU#155412
db:CNVDid:CNVD-2015-04020
db:BIDid:75347
db:JVNDBid:JVNDB-2015-003229
db:CNNVDid:CNNVD-201506-340
db:NVDid:CVE-2015-4640

LAST UPDATE DATE
2024-11-23T22:56:25.335000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#155412date:2015-06-25T00:00:00
db:CNVDid:CNVD-2015-04020date:2015-06-26T00:00:00
db:BIDid:75347date:2015-06-19T00:00:00
db:JVNDBid:JVNDB-2015-003229date:2015-07-01T00:00:00
db:CNNVDid:CNNVD-201506-340date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4640date:2024-11-21T02:31:27.533

SOURCES RELEASE DATE
db:CERT/CCid:VU#155412date:2015-06-16T00:00:00
db:CNVDid:CNVD-2015-04020date:2015-06-26T00:00:00
db:BIDid:75347date:2015-06-19T00:00:00
db:JVNDBid:JVNDB-2015-003229date:2015-06-23T00:00:00
db:CNNVDid:CNNVD-201506-340date:2015-06-23T00:00:00
db:NVDid:CVE-2015-4640date:2015-06-19T14:59:01.347