ID
VAR-201208-0876
TITLE
Samsung Galaxy S2 Epic 4G Touch Unsafe Temporary File Creation Vulnerability
Trust: 0.6
DESCRIPTION
Samsung Galaxy S2 Epic 4G Touch is a smartphone developed by Samsung. Samsung Galaxy S2 Epic 4G Touch creates /data/log, /data/anr and /data/_SamsungBnR_ directories in a globally writable way. Attackers can exploit vulnerabilities to destroy files and increase permissions. Successfully exploiting the temporary-file-creation issues allows an attacker to overwrite arbitrary files and to perform symbolic-link attacks in the context of the affected device. Other attacks may also be possible
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | samsung | model: | galaxy s2 epic 4g touch | scope: | - | version: | - | Trust: 0.6 |
THREAT TYPE
local
Trust: 0.9
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 55053 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2012-4328 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201208-306 | Trust: 0.6 |
REFERENCES
| url: | http://seclists.org/bugtraq/2012/aug/98 | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/55053 | Trust: 0.6 |
| url: | http://www.samsung.com/us/mobile/cell-phones/sph-d710zkaspr | Trust: 0.3 |
CREDITS
Alexander Pruss
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2012-4328 |
| db: | BID | id: | 55053 |
| db: | CNNVD | id: | CNNVD-201208-306 |
LAST UPDATE DATE
2022-05-17T01:37:10.814000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-4328 | date: | 2012-08-20T00:00:00 |
| db: | BID | id: | 55053 | date: | 2012-08-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201208-306 | date: | 2012-08-20T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2012-4328 | date: | 2012-08-20T00:00:00 |
| db: | BID | id: | 55053 | date: | 2012-08-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201208-306 | date: | 2012-08-20T00:00:00 |