CVE-2018-16266

Published: Jan 22, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected (16)

Products: Linux: Tizen

1 product

Configuration A

16 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linux Tizen	Version 1.0
Linux Tizen	Version 1.0 m1
Linux Tizen	Version 2.0
Linux Tizen	Version 2.1
Linux Tizen	Version 2.2.1
Linux Tizen	Version 2.2
Linux Tizen	Version 2.3.1
Linux Tizen	Version 2.3
Linux Tizen	Version 2.4
Linux Tizen	Version 3.0
Linux Tizen	Version 3.0 m2
Linux Tizen	Version 3.0 m3
Linux Tizen	Version 4.0 m1
Linux Tizen	Version 4.0 m2
Linux Tizen	Version 4.0 m3
Linux Tizen	Version 5.0

Running on/with	Platform Versions
Samsung Galaxy Gear	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

Source: cve@mitre.org

Third Party Advisory

https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4

Source: cve@mitre.org

https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Source: cve@mitre.org

Third Party Advisory

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.