Vulnerability Name:

CVE-2017-0386 (CCN-121042)

Assigned: 2016-11-29
Published: 2017-01-03
Updated: 2019-10-03
Summary: An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High
  7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): High
      Integrity (I): High
      Availability (A): High
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Medium
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete
  6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:
      Access Vector (AV): Local
      Access Complexity (AC): Low
      Authentication (Au): Single_Instance
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): Complete
      Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Privileges
References:

Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2017-0386

Source: BID
Type: Third Party Advisory, VDB Entry
95256

Source: CCN
Type: BID-95256
Google Android CVE-2017-0386 Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
android-cve20170386-priv-esc(121042)

Source: CCN
Type: Android Open Source Project
Android Security Bulletin—January 2017

Source: CONFIRM
Type: Vendor Advisory
https://source.android.com/security/bulletin/2017-01-01.html

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:google:android:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.1.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:google:android:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:7.1.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20170386 | V | CVE-2017-0386 | 2022-09-02
oval:org.opensuse.security:def:6108 | P | Security update for libnl-1_1 (Moderate) (in QA) | 2022-08-08
oval:org.opensuse.security:def:5299 | P | Security update for libnl3 (Moderate) (in QA) | 2022-08-08
oval:org.opensuse.security:def:5300 | P | Security update for libnl-1_1 (Moderate) (in QA) | 2022-08-08
oval:org.opensuse.security:def:6107 | P | Security update for libnl3 (Moderate) (in QA) | 2022-08-08
oval:org.opensuse.security:def:33117 | P | Security update for openexr (Important) | 2022-01-12
oval:org.opensuse.security:def:34006 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:30147 | P | Security update for MozillaFirefox (Important) | 2021-11-17
oval:org.opensuse.security:def:34555 | P | Security update for webkit2gtk3 (Important) | 2021-10-06
oval:org.opensuse.security:def:33722 | P | Security update for sqlite3 (Important) | 2021-09-23
oval:org.opensuse.security:def:33711 | P | Security update for xen (Important) | 2021-09-03
oval:org.opensuse.security:def:33710 | P | Security update for file (Important) | 2021-09-02
oval:org.opensuse.security:def:33967 | P | Security update for libesmtp (Important) | 2021-09-02
oval:org.opensuse.security:def:34511 | P | Security update for fetchmail (Moderate) | 2021-08-18
oval:org.opensuse.security:def:34486 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:32961 | P | Security update for kernel-source (Important) | 2021-07-01
oval:org.opensuse.security:def:33941 | P | Security update for libsolv (Important) | 2021-06-28
oval:org.opensuse.security:def:34447 | P | Security update for dhcp (Important) | 2021-06-01
oval:org.opensuse.security:def:31181 | P | Security update for dhcp (Important) | 2021-06-01
oval:org.opensuse.security:def:30061 | P | Security update for xorg-x11-server (Important) | 2021-04-14
oval:org.opensuse.security:def:31144 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-04-07
oval:org.opensuse.security:def:34398 | P | Security update for gssproxy (Moderate) | 2021-04-06
oval:org.opensuse.security:def:34037 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:28925 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:30004 | P | Security update for flac (Moderate) | 2021-01-04
oval:org.opensuse.security:def:34340 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:35233 | P | Security update for python (Important) | 2020-12-11
oval:org.opensuse.security:def:29954 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) | 2020-12-07
oval:org.opensuse.security:def:28784 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:29280 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29785 | P | Security update for gpg2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30443 | P | Security update for zypper | 2020-12-01
oval:org.opensuse.security:def:32499 | P | curl on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33174 | P | libproxy0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34183 | P | Security update for openswan | 2020-12-01
oval:org.opensuse.security:def:28841 | P | Security update for vino | 2020-12-01
oval:org.opensuse.security:def:29918 | P | Security update for PostgreSQL | 2020-12-01
oval:org.opensuse.security:def:29917 | P | Security update for libdb-4_5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30462 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:32510 | P | file-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33223 | P | pam_ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30506 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:32588 | P | pam on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33262 | P | stunnel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28488 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29077 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32723 | P | libopenssl0_9_8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33285 | P | wireshark on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28489 | P | Security update for curl (Important) | 2020-12-01
oval:org.opensuse.security:def:29131 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:32817 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33329 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33805 | P | Security update for ghostscript-library (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28500 | P | Security update for openldap2 | 2020-12-01
oval:org.opensuse.security:def:29180 | P | Security update for microcode_ctl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29700 | P | Security update for file-roller (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30300 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32874 | P | gpg2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28568 | P | Security update for KVM | 2020-12-01
oval:org.opensuse.security:def:29219 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:29701 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:30355 | P | Security update for w3m (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28699 | P | Security update for gnutls | 2020-12-01
oval:org.opensuse.security:def:29236 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:29712 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:30404 | P | Security update for xen (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32498 | P | cups on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34094 | P | Security update for microcode_ctl (Important) | 2020-12-01
oval:org.opensuse.security:def:35193 | P | Security update for libQt | 2020-12-01