1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2016-3888
PublicDate: 2016-09-11
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3888
http://source.android.com/security/bulletin/2016-09-01.html
https://android.googlesource.com/platform/frameworks/opt/telephony/+/b8d1aee993dcc565e6576b2f2439a8f5a507cff6
Description:
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x
before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before
2016-09-01 allows physically proximate attackers to bypass the Factory
Reset Protection protection mechanism, and send premium SMS messages during
the Setup Wizard provisioning stage, via unspecified vectors, aka internal
bug 29420123.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_android:
upstream_android: released (2016-09-01)
precise_android: DNE
trusty_android: not-affected
vivid/stable-phone-overlay_android: not-affected
vivid/ubuntu-core_android: DNE
xenial_android: not-affected
devel_android: not-affected
|