Vulnerability Name:

CVE-2015-4641 (CCN-104835)

Assigned:2015-06-16
Published:2015-06-16
Updated:2016-12-07
Summary:Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-22
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Ars Technica Web site
New exploit turns Samsung Galaxy phones into remote bugging devices

Source: MISC
Type: Exploit
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/

Source: MITRE
Type: CNA
CVE-2015-4641

Source: CCN
Type: Computerworld Web site
Vulnerability in Samsung Galaxy phones put over 600 million Samsung phone users at risk

Source: CCN
Type: US-CERT VU#155412
Samsung Galaxy S phones fail to properly validate Swiftkey language pack updates

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#155412

Source: CCN
Type: Samsung Web site
Galaxy S

Source: BID
Type: UNKNOWN
75353

Source: XF
Type: UNKNOWN
samsung-galaxy-cve20154641-dir-trav(104835)

Source: MISC
Type: Exploit
https://github.com/nowsecure/samsung-ime-rce-poc/

Source: MISC
Type: Exploit
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/

Source: MISC
Type: Exploit
https://www.nowsecure.com/keyboard-vulnerability/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:swiftkey:swiftkey_sdk:*:*:*:*:*:*:*:*
  • AND
  • cpe:/h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s6:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:samsung:galaxy_s4:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s5:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s6:*:*:*:*:*:*:*:*
  • OR cpe:/h:samsung:galaxy_s4_mini:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    swiftkey swiftkey sdk *
    samsung galaxy s4 *
    samsung galaxy s4 mini *
    samsung galaxy s5 *
    samsung galaxy s6 *
    samsung galaxy s4 *
    samsung galaxy s5 *
    samsung galaxy s6 *
    samsung galaxy s4 mini *