Sign-up

ID

VAR-201209-0759


TITLE

Samsung Galaxy S III USSD Code Remote Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-5500 // CNNVD: CNNVD-201209-706

DESCRIPTION

Samsung Galaxy S III is a Samsung-developed smartphone. An error occurred while processing Unstructured Supplementary Service Data (USSD) code, allowing an attacker to build a WEB page containing a specially crafted \"tel:\" URI, enticing user access to restore the device to factory settings . Open Handset Alliance Android is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will allow an attacker to destroy the SIM card or cause the device to reset to factory settings, denying further service to legitimate users. Note that the factory reset can be performed only on Samsung devices by exploiting this issue. Note: This issue was previously titled 'Samsung Galaxy S III USSD Code Remote Denial of Service Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Samsung Galaxy S III USSD Code Factory Reset Vulnerability SECUNIA ADVISORY ID: SA50780 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50780/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50780 RELEASE DATE: 2012-09-27 DISCUSS ADVISORY: http://secunia.com/advisories/50780/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50780/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50780 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Samsung Galaxy S III, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain Unstructured Supplementary Service Data (USSD) codes. SOLUTION: Reportedly OTA (over the air) patches are available. PROVIDED AND/OR DISCOVERED BY: Ravishankar Borgaonkar, Technical University of Berlin. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2012-5500 // BID: 55708 // PACKETSTORM: 116967

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-5500

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy s iiiscope: - version: -

Trust: 0.6

vendor:openmodel:handset alliance androidscope:eqversion:2.3.5

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.3.2

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.3.1

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:4.0.1

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:3.5

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:3.2

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:3.1

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:3.0

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.3.7

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.3.6

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.3.4

Trust: 0.3

vendor:motorolamodel:droidscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2012-5500 // BID: 55708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-706

TYPE

Unknown

Trust: 0.3

sources: BID: 55708

PATCH

title:Samsung Galaxy S III USSD Code Remote Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/23354

Trust: 0.6

sources: CNVD: CNVD-2012-5500

EXTERNAL IDS

db:BIDid:55708

Trust: 1.5

db:SECUNIAid:50780

Trust: 0.7

db:CNVDid:CNVD-2012-5500

Trust: 0.6

db:CNNVDid:CNNVD-201209-706

Trust: 0.6

db:PACKETSTORMid:116967

Trust: 0.1

sources: CNVD: CNVD-2012-5500 // BID: 55708 // PACKETSTORM: 116967 // CNNVD: CNNVD-201209-706

REFERENCES

url:http://secunia.com/advisories/50780/

Trust: 0.7

url:http://www.securityfocus.com/bid/55708

Trust: 0.6

url:http://www.samsung.com/

Trust: 0.3

url:http://secunia.com/advisories/50780/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50780

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-5500 // BID: 55708 // PACKETSTORM: 116967 // CNNVD: CNNVD-201209-706

CREDITS

Ravishankar Borgaonkar

Trust: 0.9

sources: BID: 55708 // CNNVD: CNNVD-201209-706

SOURCES

db:CNVDid:CNVD-2012-5500
db:BIDid:55708
db:PACKETSTORMid:116967
db:CNNVDid:CNNVD-201209-706

LAST UPDATE DATE

2022-05-17T22:38:26.041000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-5500date:2012-10-08T00:00:00
db:BIDid:55708date:2012-10-01T22:10:00
db:CNNVDid:CNNVD-201209-706date:2012-09-29T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2012-5500date:2012-10-08T00:00:00
db:BIDid:55708date:2012-09-27T00:00:00
db:PACKETSTORMid:116967date:2012-09-28T03:47:08
db:CNNVDid:CNNVD-201209-706date:2012-09-29T00:00:00