Details of VAR-201702-0393

ID

VAR-201702-0393

CVE

CVE-2016-4547

TITLE

Android Equipped Samsung Service operation interruption in device products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007542

DESCRIPTION

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Samsumgandroidphone is a series of mobile phones based on the Android platform. The Samsumgandroid system service failed to handle exceptions correctly, allowing local attackers to conduct denial of service attacks by sending malicious service commands. Multiple Samsung Android Mobile devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions

Trust: 2.43

sources: NVD: CVE-2016-4547 // JVNDB: JVNDB-2016-007542 // CNVD: CNVD-2016-02879 // BID: 96360

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02879

AFFECTED PRODUCTS

vendor:	samsung	model:	mobile	scope:	eq	version:	5.1	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	6.0	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	4.4	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	5.0	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	android phone	scope:	-	version:	-	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	6.0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	5.1	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	5.0	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	4.4	Trust: 0.3

sources: CNVD: CNVD-2016-02879 // BID: 96360 // JVNDB: JVNDB-2016-007542 // CNNVD: CNNVD-201605-159 // NVD: CVE-2016-4547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4547
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4547
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-02879
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201605-159
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2016-4547
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02879
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-4547
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02879 // JVNDB: JVNDB-2016-007542 // CNNVD: CNNVD-201605-159 // NVD: CVE-2016-4547

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-007542 // NVD: CVE-2016-4547

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-159

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201605-159

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007542

PATCH

title:	SVE-2016-5134: TvoutService_C service DoS	url:	http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016	Trust: 0.8
title:	Patch for Samsumgandroidphone Denial of Service Vulnerability (CNVD-2016-02879)	url:	https://www.cnvd.org.cn/patchInfo/show/75391	Trust: 0.6

sources: CNVD: CNVD-2016-02879 // JVNDB: JVNDB-2016-007542

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4547	Trust: 3.3
db:	OPENWALL	id:	OSS-SECURITY/2016/05/06/2	Trust: 2.4
db:	JVNDB	id:	JVNDB-2016-007542	Trust: 0.8
db:	CNVD	id:	CNVD-2016-02879	Trust: 0.6
db:	CNNVD	id:	CNNVD-201605-159	Trust: 0.6
db:	BID	id:	96360	Trust: 0.3

sources: CNVD: CNVD-2016-02879 // BID: 96360 // JVNDB: JVNDB-2016-007542 // CNNVD: CNNVD-201605-159 // NVD: CVE-2016-4547

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2016/05/06/2	Trust: 2.4
url:	http://security.samsungmobile.com/smrupdate.html#smr-feb-2016	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4547	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4547	Trust: 0.8
url:	http://security.samsungmobile.com/smrupdate.html#smr	Trust: 0.6
url:	http://www.samsung.com/	Trust: 0.3
url:	http://security.samsungmobile.com/smrupdate.html#smr-feb-2017	Trust: 0.3

sources: CNVD: CNVD-2016-02879 // BID: 96360 // JVNDB: JVNDB-2016-007542 // CNNVD: CNNVD-201605-159 // NVD: CVE-2016-4547

CREDITS

Vinc3nt4H of Alibaba Mobile Security Team.

Trust: 0.3

sources: BID: 96360

SOURCES

db:	CNVD	id:	CNVD-2016-02879
db:	BID	id:	96360
db:	JVNDB	id:	JVNDB-2016-007542
db:	CNNVD	id:	CNNVD-201605-159
db:	NVD	id:	CVE-2016-4547

LAST UPDATE DATE

2024-11-23T23:02:31.612000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02879	date:	2016-05-10T00:00:00
db:	BID	id:	96360	date:	2017-03-07T02:06:00
db:	JVNDB	id:	JVNDB-2016-007542	date:	2017-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201605-159	date:	2016-05-06T00:00:00
db:	NVD	id:	CVE-2016-4547	date:	2024-11-21T02:52:27.510

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02879	date:	2016-05-10T00:00:00
db:	BID	id:	96360	date:	2017-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-007542	date:	2017-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201605-159	date:	2015-10-30T00:00:00
db:	NVD	id:	CVE-2016-4547	date:	2017-02-13T18:59:00.597