CVE-2012-2980 - OpenCVE

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Att	Status
Htc	Chacha Desire Merge
Samsung	Galaxy S
Sprint	Evo Shift 4g
T-mobile	G2 Mytouch 3g Slide Mytouch 4g Slide

Configuration 1 [-]

OR	cpe:2.3:h:att:status:-:::::::*
	cpe:2.3:h:htc:chacha:-:::::::*
	cpe:2.3:h:htc:desire:-:::::::*
	cpe:2.3:h:htc:merge:-:::::::*
	cpe:2.3:h:samsung:galaxy_s:-:::::::*
	cpe:2.3:h:sprint:evo_shift_4g:-:::::::*
	cpe:2.3:h:t-mobile:g2:-:::::::*
	cpe:2.3:h:t-mobile:mytouch_3g_slide:-:::::::*
	cpe:2.3:h:t-mobile:mytouch_4g_slide:-:::::::*

No data.

References

Link	Providers
http://www.htc.com/www/help/app-security-fix/
http://www.kb.cert.org/vuls/id/251635
http://www.kb.cert.org/vuls/id/MAPG-8R5LD6

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-08-21T10:00:00Z

Updated: 2024-09-16T17:23:57.816Z

Reserved: 2012-05-30T00:00:00Z

Link: CVE-2012-2980

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-08-21T10:46:10.513

Modified: 2012-08-21T10:46:10.513

Link: CVE-2012-2980

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-21T10:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.htc.com/www/help/app-security-fix/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}, {"name": "VU#251635", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/251635"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2980", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.htc.com/www/help/app-security-fix/", "refsource": "MISC", "url": "http://www.htc.com/www/help/app-security-fix/"}, {"name": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}, {"name": "VU#251635", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/251635"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:50:05.366Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.htc.com/www/help/app-security-fix/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}, {"name": "VU#251635", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/251635"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2980", "datePublished": "2012-08-21T10:00:00Z", "dateReserved": "2012-05-30T00:00:00Z", "dateUpdated": "2024-09-16T17:23:57.816Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:att:status:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF3604EC-F0EA-4C4F-AC02-B06E48BB8E2B", "vulnerable": true}, {"criteria": "cpe:2.3:h:htc:chacha:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E4B4194-E63E-40B2-8D97-4F9ECF72B137", "vulnerable": true}, {"criteria": "cpe:2.3:h:htc:desire:-:*:*:*:*:*:*:*", "matchCriteriaId": "D722FCD1-07FA-4161-A2CA-7AA66640CD57", "vulnerable": true}, {"criteria": "cpe:2.3:h:htc:merge:-:*:*:*:*:*:*:*", "matchCriteriaId": "750EA8EA-B973-44C2-B544-4AE0BA74AF28", "vulnerable": true}, {"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486", "vulnerable": true}, {"criteria": "cpe:2.3:h:sprint:evo_shift_4g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2ACDC3D2-AA6E-476E-B23E-A4B138F590EC", "vulnerable": true}, {"criteria": "cpe:2.3:h:t-mobile:g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "70077E7C-3932-4234-87BA-745591A34E2D", "vulnerable": true}, {"criteria": "cpe:2.3:h:t-mobile:mytouch_3g_slide:-:*:*:*:*:*:*:*", "matchCriteriaId": "104D55CE-99BA-478F-91F1-0A97B801AF2F", "vulnerable": true}, {"criteria": "cpe:2.3:h:t-mobile:mytouch_4g_slide:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A5FD0C4-38F8-47D2-8494-15A385773326", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages."}, {"lang": "es", "value": "El m\u00e9todo de implementaci\u00f3n onTouchEvent en Samsumg y HTC para Android en el dispositivo T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, y Samsung Galaxy S almacena las coordenadas de contacto en un b\u00fafer (dmesg) lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una aplicaci\u00f3n manipulada, una demostraci\u00f3n para n\u00fameros de PIN, n\u00fameros de tel\u00e9fono y mensajes de texto."}], "id": "CVE-2012-2980", "lastModified": "2012-08-21T10:46:10.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-21T10:46:10.513", "references": [{"source": "cret@cert.org", "url": "http://www.htc.com/www/help/app-security-fix/"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/251635"}, {"source": "cret@cert.org", "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}