[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] [CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android Fota
From: "=?utf-8?B?Zmxhbmtlcg==?=" <i () flanker017 ! me>
Date: 2019-09-25 13:55:02
Message-ID: tencent_31FE41DA51470E9472AA6D25 () qq ! com
[Download RAW message or body]
[CVE-2019-14783] Arbitrary file create with system-app privilege in Samsung Mobile Android \
FotaAgent Component
Software:
--------
Samsung Mobile Android FotaAgent Component
Description:
----------
A vulnerability in FotaAgent allows creating privileged files without proper permission from \
unprivileged process. The patch adds proper permission check on FotaAgent to address the \
vulnerability. This issue is reported to & confirmed and patched by Samsung Mobile Security \
Rewards Program under case ID 101825.
Patched version:
------------
- Samsung Mobile Android N(7.x), O(8.x), P(9.0) with SMR-AUG-2019 patch level and after
Impact:
-------
A successful local attack can create arbitrary file with system privilege.
Solution:
---------
Update the device to at lease SMR-AUG-2019 patch level.
Credit:
-------
Discovered by Qidan He (a.k.a Edward Flanker, @flanker_hqd). Detailed about this vulnerability \
will be released shortly after confirmation from Samsung Mobile for responsible disclosure.
------------------
Sincerely
Qidan (a.k.a Flanker)
Website: https://blog.flanker017.me
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic