CVE-2018-16268

Published: Jan 22, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Affected (16)

Products: Linux: Tizen

1 product

Configuration A

16 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linux Tizen	Version 1.0
Linux Tizen	Version 1.0 m1
Linux Tizen	Version 2.0
Linux Tizen	Version 2.1
Linux Tizen	Version 2.2.1
Linux Tizen	Version 2.2
Linux Tizen	Version 2.3.1
Linux Tizen	Version 2.3
Linux Tizen	Version 2.4
Linux Tizen	Version 3.0
Linux Tizen	Version 3.0 m2
Linux Tizen	Version 3.0 m3
Linux Tizen	Version 4.0 m1
Linux Tizen	Version 4.0 m2
Linux Tizen	Version 4.0 m3
Linux Tizen	Version 5.0

Running on/with	Platform Versions
Samsung Galaxy Gear	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

Source: cve@mitre.org

Third Party Advisory

https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git%3Ba=commit%3Bh=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db

Source: cve@mitre.org

https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Source: cve@mitre.org

Third Party Advisory

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git%3Ba=commit%3Bh=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.