ID
VAR-201704-0254
CVE
CVE-2016-2567
TITLE
Samsung SM-N9005 and SM-G920F Samsung kernel for Android secfilter input validation vulnerability
Trust: 1.2
DESCRIPTION
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. SamsungkernelforAndroidonSM-N9005 (Note3) and SM-G920F (GalaxyS6) are the cores of Samsung's Android system running on SM-N9005 (Note3) and SM-G920F (GalaxyS6) (smartphone). Secfilter is one of the URL parsing filter plugins. An input validation vulnerability exists in the secfilter of Samsungkernel for Android in SamsungSM-N9005 (Note3) and SM-G920F (GalaxyS6). Samsung kernel for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) are both Korean Samsung (Samsung) running on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) (smart phones) The kernel of the Android system in. There is a security vulnerability in the secfilter of Samsung kernel for Android in Samsung SM-N9005(Note 3) and SM-G920F(Galaxy S6). The following products and versions are affected: Samsung SM-N9005 build N9005XXUGBOB6 (Note 3) version; SM-G920F build G920FXXU2COH2 (Galaxy S6) version
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | samsung | model: | galaxy s6 | scope: | eq | version: | g920fxxu2coh2 | Trust: 2.4 |
| vendor: | samsung | model: | galaxy note 3 | scope: | eq | version: | n9005xxugbob6 | Trust: 1.6 |
| vendor: | samsung | model: | note 3 | scope: | eq | version: | n9005xxugbob6 | Trust: 0.8 |
| vendor: | samsung | model: | galaxy s6 sm-g920f build g920fxxu2coh2 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | samsung | model: | note sm-n9005 build n9005xxugbob6 | scope: | eq | version: | 3 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | GALAXY Note 3 SM-N9005 | url: | https://www.sammobile.com/devices/specs/SM-N9005/ | Trust: 0.8 |
| title: | Galaxy S6 SM-G920F | url: | https://www.sammobile.com/devices/specs/SM-G920F/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-2567 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2016-008457 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2017-11327 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201704-751 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-91386 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003 | Trust: 3.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2567 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2016-2567 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2017-11327 |
| db: | VULHUB | id: | VHN-91386 |
| db: | JVNDB | id: | JVNDB-2016-008457 |
| db: | CNNVD | id: | CNNVD-201704-751 |
| db: | NVD | id: | CVE-2016-2567 |
LAST UPDATE DATE
2024-11-23T21:54:45.151000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-11327 | date: | 2017-06-26T00:00:00 |
| db: | VULHUB | id: | VHN-91386 | date: | 2017-04-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-008457 | date: | 2017-05-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-751 | date: | 2017-06-07T00:00:00 |
| db: | NVD | id: | CVE-2016-2567 | date: | 2024-11-21T02:48:43.003 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-11327 | date: | 2017-06-26T00:00:00 |
| db: | VULHUB | id: | VHN-91386 | date: | 2017-04-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-008457 | date: | 2017-05-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201704-751 | date: | 2017-04-13T00:00:00 |
| db: | NVD | id: | CVE-2016-2567 | date: | 2017-04-13T16:59:01.143 |