Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2017.0020
Android Security Bulletin-March 2017
8 March 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Nexus devices
Operating System: Android
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Existing Account
Increased Privileges -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-0537 CVE-2017-0536 CVE-2017-0535
CVE-2017-0534 CVE-2017-0533 CVE-2017-0532
CVE-2017-0531 CVE-2017-0529 CVE-2017-0528
CVE-2017-0527 CVE-2017-0526 CVE-2017-0525
CVE-2017-0524 CVE-2017-0523 CVE-2017-0522
CVE-2017-0521 CVE-2017-0520 CVE-2017-0519
CVE-2017-0518 CVE-2017-0517 CVE-2017-0516
CVE-2017-0510 CVE-2017-0509 CVE-2017-0508
CVE-2017-0507 CVE-2017-0506 CVE-2017-0505
CVE-2017-0504 CVE-2017-0503 CVE-2017-0502
CVE-2017-0501 CVE-2017-0500 CVE-2017-0499
CVE-2017-0498 CVE-2017-0497 CVE-2017-0496
CVE-2017-0495 CVE-2017-0494 CVE-2017-0492
CVE-2017-0491 CVE-2017-0490 CVE-2017-0489
CVE-2017-0488 CVE-2017-0487 CVE-2017-0486
CVE-2017-0485 CVE-2017-0484 CVE-2017-0483
CVE-2017-0482 CVE-2017-0481 CVE-2017-0480
CVE-2017-0479 CVE-2017-0478 CVE-2017-0477
CVE-2017-0476 CVE-2017-0475 CVE-2017-0474
CVE-2017-0473 CVE-2017-0472 CVE-2017-0471
CVE-2017-0470 CVE-2017-0469 CVE-2017-0468
CVE-2017-0467 CVE-2017-0466 CVE-2017-0464
CVE-2017-0463 CVE-2017-0461 CVE-2017-0460
CVE-2017-0459 CVE-2017-0458 CVE-2017-0457
CVE-2017-0456 CVE-2017-0455 CVE-2017-0453
CVE-2017-0452 CVE-2017-0392 CVE-2017-0390
CVE-2017-0338 CVE-2017-0337 CVE-2017-0336
CVE-2017-0335 CVE-2017-0334 CVE-2017-0333
CVE-2017-0307 CVE-2017-0306 CVE-2016-10200
CVE-2016-9806 CVE-2016-9793 CVE-2016-8655
CVE-2016-8650 CVE-2016-8488 CVE-2016-8487
CVE-2016-8486 CVE-2016-8485 CVE-2016-8484
CVE-2016-8483 CVE-2016-8479 CVE-2016-8478
CVE-2016-8477 CVE-2016-8417 CVE-2016-8416
CVE-2016-8413 CVE-2016-5857 CVE-2016-5856
CVE-2016-2182 CVE-2014-8709
Member content until: Friday, April 7 2017
Reference: ASB-2017.0005
ASB-2017.0002
ASB-2017.0001
ESB-2015.1935
ESB-2015.0503
ESB-2015.0137
OVERVIEW
Multiple vulnerabilities have been identified in Android prior to
security patch level string 2017-03-05. [1]
IMPACT
The vendor has provided the following information:
"017-03-01 security patch level-Vulnerability summary
Security patch levels of 2017-03-01 or later must address the
following issues.
Issue CVE Severity Affects Google devices?
Remote code execution vulnerability in OpenSSL & BoringSSL CVE-2016-2182 Critical Yes
Remote code execution vulnerability in Mediaserver CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0474 Critical Yes
Elevation of privilege vulnerability in recovery verifier CVE-2017-0475 Critical Yes
Remote code execution vulnerability in AOSP Messaging CVE-2017-0476 High Yes
Remote code execution vulnerability in libgdx CVE-2017-0477 High Yes
Remote code execution vulnerability in Framesequence library CVE-2017-0478 High Yes
Elevation of privilege vulnerability in Audioserver CVE-2017-0479, CVE-2017-0480 High Yes
Elevation of privilege vulnerability in NFC CVE-2017-0481 High Yes
Denial of service vulnerability in Mediaserver CVE-2017-0482, CVE-2017-0483, CVE-2017-0484, CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0488 High Yes
Update: Denial of service vulnerability in Mediaserver CVE-2017-0390 High Yes
Update: Denial of service vulnerability in Mediaserver CVE-2017-0392 High Yes
Elevation of privilege vulnerability in Location Manager CVE-2017-0489 Moderate Yes
Elevation of privilege vulnerability in Wi-Fi CVE-2017-0490 Moderate Yes
Elevation of privilege vulnerability in Package Manager CVE-2017-0491 Moderate Yes
Elevation of privilege vulnerability in System UI CVE-2017-0492 Moderate Yes
Information disclosure vulnerability in AOSP Messaging CVE-2017-0494 Moderate Yes
Information disclosure vulnerability in Mediaserver CVE-2017-0495 Moderate Yes
Denial of service vulnerability in Setup Wizard CVE-2017-0496 Moderate Yes
Denial of service vulnerability in Mediaserver CVE-2017-0497 Moderate Yes
Denial of service vulnerability in Setup Wizard CVE-2017-0498 Moderate No*
Denial of service vulnerability in Audioserver CVE-2017-0499 Low Yes
* Supported Google devices on Android 7.0 or later that have installed all available updates are not affected by this vulnerability.
2017-03-05 security patch level—Vulnerability summary
Security patch levels of 2017-03-05 or later must address all of the 2017-03-01 issues, as well as the following issues.
Issue CVE Severity Affects Google devices?
Elevation of privilege vulnerability in MediaTek components CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0504, CVE-2017-0505, CVE-2017-0506 Critical No*
Elevation of privilege vulnerability in NVIDIA GPU driver CVE-2017-0337, CVE-2017-0338, CVE-2017-0333, CVE-2017-0306, CVE-2017-0335 Critical Yes
Elevation of privilege vulnerability in kernel ION subsystem CVE-2017-0507, CVE-2017-0508 Critical Yes
Elevation of privilege vulnerability in Broadcom Wi-Fi driver CVE-2017-0509 Critical No*
Elevation of privilege vulnerability in kernel FIQ debugger CVE-2017-0510 Critical Yes
Elevation of privilege vulnerability in Qualcomm GPU driver CVE-2016-8479 Critical Yes
Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-9806, CVE-2016-10200 Critical Yes
Vulnerabilities in Qualcomm components CVE-2016-8484, CVE-2016-8485, CVE-2016-8486, CVE-2016-8487, CVE-2016-8488 Critical No*
Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-8655, CVE-2016-9793 High Yes
Elevation of privilege vulnerability in Qualcomm input hardware driver CVE-2017-0516 High Yes
Elevation of privilege vulnerability in MediaTek Hardware Sensor Driver CVE-2017-0517 High No*
Elevation of privilege vulnerability in Qualcomm ADSPRPC driver CVE-2017-0457 High Yes
Elevation of privilege vulnerability in Qualcomm fingerprint sensor driver CVE-2017-0518, CVE-2017-0519 High Yes
Elevation of privilege vulnerability in Qualcomm crypto engine driver CVE-2017-0520 High Yes
Elevation of privilege vulnerability in Qualcomm camera driver CVE-2017-0458, CVE-2017-0521 High Yes
Elevation of privilege vulnerability in MediaTek APK CVE-2017-0522 High No*
Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2017-0464, CVE-2017-0453, CVE-2017-0523 High Yes
Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2017-0524 High Yes
Elevation of privilege vulnerability in Qualcomm IPA driver CVE-2017-0456, CVE-2017-0525 High Yes
Elevation of privilege vulnerability in HTC Sensor Hub Driver CVE-2017-0526, CVE-2017-0527 High Yes
Elevation of privilege vulnerability in NVIDIA GPU driver CVE-2017-0307 High No*
Elevation of privilege vulnerability in Qualcomm networking driver CVE-2017-0463, CVE-2017-0460 High Yes
Elevation of privilege vulnerability in kernel security subsystem CVE-2017-0528 High Yes
Elevation of privilege vulnerability in Qualcomm SPCom driver CVE-2016-5856, CVE-2016-5857 High No*
Information disclosure vulnerability in kernel networking subsystem CVE-2014-8709 High Yes
Information disclosure vulnerability in MediaTek driver CVE-2017-0529 High No*
Information disclosure vulnerability in Qualcomm bootloader CVE-2017-0455 High Yes
Information disclosure vulnerability in Qualcomm power driver CVE-2016-8483 High Yes
Information disclosure vulnerability in NVIDIA GPU driver CVE-2017-0334, CVE-2017-0336 High Yes
Denial of service vulnerability in kernel cryptographic subsystem CVE-2016-8650 High Yes
Elevation of privilege vulnerability in Qualcomm camera driver (device specific) CVE-2016-8417 Moderate Yes
Information disclosure vulnerability in Qualcomm Wi-Fi driver CVE-2017-0461, CVE-2017-0459, CVE-2017-0531 Moderate Yes
Information disclosure vulnerability in MediaTek video codec driver CVE-2017-0532 Moderate No*
Information disclosure vulnerability in Qualcomm video driver CVE-2017-0533, CVE-2017-0534, CVE-2016-8416, CVE-2016-8478 Moderate Yes
Information disclosure vulnerability in Qualcomm camera driver CVE-2016-8413, CVE-2016-8477 Moderate Yes
Information disclosure vulnerability in HTC sound codec driver CVE-2017-0535 Moderate Yes
Information disclosure vulnerability in Synaptics touchscreen driver CVE-2017-0536 Moderate Yes
Information disclosure vulnerability in kernel USB gadget driver CVE-2017-0537 Moderate Yes
Information disclosure vulnerability in Qualcomm camera driver CVE-2017-0452 Low Yes
* Supported Google devices on Android 7.0 or later that have
installed all available updates are not affected by this
vulnerability. [1]
MITIGATION
Google advises it has released over-the-air (OTA) updates for Nexus,
and partner updates have been released to the Android Open
Source Project (AOSP). Android users are advised to update to the
latest versions to address these issues. [1]
REFERENCES
[1] Android Security Bulletin—March 2017
https://source.android.com/security/bulletin/2017-03-01.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWL+XTox+lLeg9Ub1AQh9/Q/+JtBR2d4oSlzxcYW+0cyW4dGAdz6Ajh6Y
0rg7iclPNrLwd/ETGU81JFIdHXBcGtZyUgB6wK4U9tJQSOp+cRidh5bftQzVvslU
1HxWmMMZtEh442EtQMesvb1xP7L6Dsr7wwTd8Re77kmsfoXaLJY/atjbFhYSXBKJ
eDyQnXGkjWq8Pjojbc8ssB8yaO3FheyrrUu9YHF1/mc7jOR6O1LjMGluKYVy37ob
hwmBaovUkb9Y9GQXNblAuh/ZzHQSv42RT+N6Iedwq9UOdO29aINDvAJcrnwCkO0Y
9PCho5pxHWARaMbLqPkoK6s3hCHymflpoJqDVfFxEWDDiebeo0Q0iPWrA6hKKouk
2Jh5V8AyY5AFAxqG43X3JJm08QT4TaFBr5Sh1U/RKuxwAtkIykW3Lwznboi7n7O+
X/+E8+R+xr5LkPj5dKEGVcFrP8SWYzOfFj/vhdfBnI0iok+FZil0igEbLzAayVva
fTStdPlKtGSZjQ3kmHyp+4oTSyDkxoIA0PKO3NP9wnjEweRWiqPFL7gCpd0GgjgA
GZk5Gwv4YvBubNvTTU1iaemU9Xl0ET1U92ayu6rKPPb+uEzLWthUnXXC8KWMTWfR
1Ck80CmT/bLtjLqzo+FtKBGHNmE3v0W0C9CudPZ0ZCrb7WlruCxaPeTul7TTMV2X
KkP2TKach0E=
=RaJs
-----END PGP SIGNATURE-----