Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu,  5 May 2016 22:39:11 -0400 (EDT)
From: cve-assign@...re.org
To: pengdawei521@....com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> When a app send a evil data to com.samsung.android.jam.IAndroidShm
> service by service command (Android system command) , can cause to
> IAndroidShm service crash.

> adb shell;

> service call com.samsung.android.jam.IAndroidShm 5 i32 917154658 i32
> 998369275 i32 1652062893 i32 2113420870 i32 1380178743 i32 47342718
> i32 543810222 i32 1481030271

> Fix:
> http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016
> SVE-2015-5133: IAndroidShm IAPAService service DoS

>> A vulnerability without proper exception handling in system services
>> can lead to crash by calling malicious service commands.

Use CVE-2016-4546.

If you have additional reports about Samsung software, then
oss-security readers might find it useful if you include a reference
establishing that the software is open source. For example, we
selected an arbitrary Samsung repository of
git://opensource.samsung.com/SM-N900P and found a
vendor/samsung/common/external/jack/android/AndroidShm.cpp file
that may be related.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXLANMAAoJEHb/MwWLVhi2150P/Rz+lyS2h7ZVm90d3Y1V2sSp
8M+zy6rN8YhjOizW2VhAWpf1U0ekDahXV9qDVmjOVxqiP5l3UXPVTb62Ee6zgYjd
fGPkYxQDMroqps42ryIg7K5eNsKGO0iZ+tsi8wfdH1wzk+opa6ta45CTqPHUl9vS
STi5sZoX2txMXCbfdcGsuudylkVG7y3FbjGw//cT7DcoHHQbWmSF7SmQwcdBzq/c
0Xl67OUOWBKFnNgrLdqifeS6Msa0YW52omLmSMOiLm9/+1jN5bCpfVrwWI78ALeG
FxfHi6HiVWZAyHPt894kCnNeynKa8uw2bWAEgy7RiHf42OBNp+15Crzdg2FvpBCa
8WXRgij1+ML7YtPbG0PfBt66rtlSpznlxp7jCeyriiKqsvSyKcS0rxVWNDbinn8g
vmApz6CqDAotB/PS4/dAv9EyvPlK/bSPiqmbYE0jDw2UmTKVrjc6DnlD0iSPgE4L
y4D6wmFLqSIljFadZVnnHqIGrdqJZQU14yWbw31Fjpp+NdKrMfG2VP/F7ZPPF1Qo
Dk+JYGurrooQwbDsEZ/6TTRXNEMfEtQRLHm7xCXzaxTFjwn12rA6jRlje0MoIPqQ
7Qtersx91679csj9cqAXlBbxgTwpFlIv5XqEcZRPiFKYK02NH/y2vyRE/2yCWkjW
pU6S7ZescwAX+GAeFsur
=GdhJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.