CVE-2012-2980 - OpenCVE

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
T-mobile	G2 Mytouch 4g Slide Mytouch 3g Slide
Htc	Merge Chacha Desire
Samsung	Galaxy S
Sprint	Evo Shift 4g
Att	Status

Configuration 1 [-]

OR	cpe:2.3:h:att:status:-:::::::*
	cpe:2.3:h:htc:chacha:-:::::::*
	cpe:2.3:h:htc:desire:-:::::::*
	cpe:2.3:h:htc:merge:-:::::::*
	cpe:2.3:h:samsung:galaxy_s:-:::::::*
	cpe:2.3:h:sprint:evo_shift_4g:-:::::::*
	cpe:2.3:h:t-mobile:g2:-:::::::*
	cpe:2.3:h:t-mobile:mytouch_3g_slide:-:::::::*
	cpe:2.3:h:t-mobile:mytouch_4g_slide:-:::::::*

References

Link	Resource
http://www.htc.com/www/help/app-security-fix/
http://www.kb.cert.org/vuls/id/251635	US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8R5LD6

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2022-10-03T16:15:37

Updated: 2022-10-03T16:15:37

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-2980

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-08-21T10:46:10.513

Modified: 2012-08-21T10:46:10.513

Link: CVE-2012-2980

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:37", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.htc.com/www/help/app-security-fix/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}, {"name": "VU#251635", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/251635"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2980", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.htc.com/www/help/app-security-fix/", "refsource": "MISC", "url": "http://www.htc.com/www/help/app-security-fix/"}, {"name": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}, {"name": "VU#251635", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/251635"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2980", "datePublished": "2022-10-03T16:15:37", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:att:status:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF3604EC-F0EA-4C4F-AC02-B06E48BB8E2B", "vulnerable": true}, {"criteria": "cpe:2.3:h:htc:chacha:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E4B4194-E63E-40B2-8D97-4F9ECF72B137", "vulnerable": true}, {"criteria": "cpe:2.3:h:htc:desire:-:*:*:*:*:*:*:*", "matchCriteriaId": "D722FCD1-07FA-4161-A2CA-7AA66640CD57", "vulnerable": true}, {"criteria": "cpe:2.3:h:htc:merge:-:*:*:*:*:*:*:*", "matchCriteriaId": "750EA8EA-B973-44C2-B544-4AE0BA74AF28", "vulnerable": true}, {"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486", "vulnerable": true}, {"criteria": "cpe:2.3:h:sprint:evo_shift_4g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2ACDC3D2-AA6E-476E-B23E-A4B138F590EC", "vulnerable": true}, {"criteria": "cpe:2.3:h:t-mobile:g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "70077E7C-3932-4234-87BA-745591A34E2D", "vulnerable": true}, {"criteria": "cpe:2.3:h:t-mobile:mytouch_3g_slide:-:*:*:*:*:*:*:*", "matchCriteriaId": "104D55CE-99BA-478F-91F1-0A97B801AF2F", "vulnerable": true}, {"criteria": "cpe:2.3:h:t-mobile:mytouch_4g_slide:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A5FD0C4-38F8-47D2-8494-15A385773326", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages."}, {"lang": "es", "value": "El m\u00e9todo de implementaci\u00f3n onTouchEvent en Samsumg y HTC para Android en el dispositivo T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, y Samsung Galaxy S almacena las coordenadas de contacto en un b\u00fafer (dmesg) lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una aplicaci\u00f3n manipulada, una demostraci\u00f3n para n\u00fameros de PIN, n\u00fameros de tel\u00e9fono y mensajes de texto."}], "id": "CVE-2012-2980", "lastModified": "2012-08-21T10:46:10.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-21T10:46:10.513", "references": [{"source": "cret@cert.org", "url": "http://www.htc.com/www/help/app-security-fix/"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/251635"}, {"source": "cret@cert.org", "url": "http://www.kb.cert.org/vuls/id/MAPG-8R5LD6"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}