cnvd-2017-01539
Vulnerability from cnvd

Title: Huawei EMUI路径遍历漏洞

Description:

Huawei EMUI是中国华为(Huawei)公司开发的一套基于Android平台的智能终端人机交互系统。

Huawei EMUI 3.1版本存在路径遍历漏洞,该漏洞源于程序未能充分验证特定类型的文件解压时的路径。攻击者可通过诱使用户下载安装恶意软件利用该漏洞将恶意文件解压至目标路径。

Severity:

Patch Name: Huawei EMUI路径遍历漏洞的补丁

Patch Description:

Huawei EMUI是中国华为(Huawei)公司开发的一套基于Android平台的智能终端人机交互系统。

Huawei EMUI 3.1版本存在路径遍历漏洞,该漏洞源于程序未能充分验证特定类型的文件解压时的路径。攻击者可通过诱使用户下载安装恶意软件利用该漏洞将恶意文件解压至目标路径。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en

Reference: http://www.securityfocus.com/bid/95919 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170125-01-emui-cn

Impacted products
Name
['Huawei P8 <=GRA-UL00C00B230', 'Huawei P8 <=GRA-CL00C92B230', 'Huawei 麦芒4 <=RIO-CL00C92B220', 'Huawei 麦芒4 <=RIO-TL00C01B220', 'Huawei 麦芒4 <=RIO-UL00C00B220', 'Huawei 麦芒4 <=RIO-AL00C00B220', 'Huawei 荣耀7i <=ATH-AL00C00B210', 'Huawei 荣耀7i <=ATH-AL00C92B200', 'Huawei 荣耀7i <=ATH-CL00C92B210', 'Huawei 荣耀7i <=ATH-TL00C01B210', 'Huawei 荣耀7i <=ATH-TL00HC01B210', 'Huawei 荣耀7i <=ATH-UL00C00B210', 'Huawei 荣耀6 <=H60-L04C10B523', 'Huawei 荣耀6 <=H60-L04C185B523', 'Huawei 荣耀6 <=H60-L04C636B527', 'Huawei 荣耀6 <=H60-L04C900B530', 'Huawei 荣耀7 <=AL10C00B220', 'Huawei 荣耀7 <=AL10C92B220', 'Huawei 荣耀7 <=CL00C92B220', 'Huawei 荣耀7 <=L01C10B140', 'Huawei 荣耀7 <=L01C185B130', 'Huawei 荣耀7 <=L01C432B187', 'Huawei 荣耀7 <=L01C432B190', 'Huawei 荣耀7 <=L01C636B130', 'Huawei 荣耀7 <=TL00C01B220', 'Huawei 荣耀7 <=TL01HC01B220', 'Huawei 荣耀7 <=UL00C17B220', 'Huawei Mate S <=CRR-CL00C92B172', 'Huawei Mate S <=CRR-L09C432B180', 'Huawei Mate S <=CRR-TL00C01B172', 'Huawei Mate S <=CRR-UL00C00B172', 'Huawei Mate S <=CRR-UL20C432B171', 'Huawei P8 <=GRA-TL00C01B230SP01', 'Huawei P8 <=GRA-UL00C10B201', 'Huawei P8 <=GRA-UL00C432B220', 'Huawei Mate 7 <=MT7-L09C605B325', 'Huawei Mate 7 <=MT7-L09C900B339', 'Huawei Mate 7 <=MT7-TL10C900B339', 'Huawei P8青春版 <=ALE-L02C635B140', 'Huawei P8青春版 <=ALE-L02C636B140', 'Huawei P8青春版 <=ALE-L21C10B150', 'Huawei P8青春版 <=ALE-L21C185B200', 'Huawei P8青春版 <=ALE-L21C432B214', 'Huawei P8青春版 <=ALE-L21C464B150', 'Huawei P8青春版 <=ALE-L21C636B200', 'Huawei P8青春版 <=ALE-L23C605B190', 'Huawei P8青春版 <=ALE-TL00C01B250', 'Huawei P8青春版 <=ALE-UL00C00B250']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "95919"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2693"
    }
  },
  "description": "Huawei EMUI\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u667a\u80fd\u7ec8\u7aef\u4eba\u673a\u4ea4\u4e92\u7cfb\u7edf\u3002\r\n\r\nHuawei EMUI 3.1\u7248\u672c\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7279\u5b9a\u7c7b\u578b\u7684\u6587\u4ef6\u89e3\u538b\u65f6\u7684\u8def\u5f84\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u4e0b\u8f7d\u5b89\u88c5\u6076\u610f\u8f6f\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6076\u610f\u6587\u4ef6\u89e3\u538b\u81f3\u76ee\u6807\u8def\u5f84\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01539",
  "openTime": "2017-02-20",
  "patchDescription": "Huawei EMUI\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u667a\u80fd\u7ec8\u7aef\u4eba\u673a\u4ea4\u4e92\u7cfb\u7edf\u3002\r\n\r\nHuawei EMUI 3.1\u7248\u672c\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7279\u5b9a\u7c7b\u578b\u7684\u6587\u4ef6\u89e3\u538b\u65f6\u7684\u8def\u5f84\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u4e0b\u8f7d\u5b89\u88c5\u6076\u610f\u8f6f\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6076\u610f\u6587\u4ef6\u89e3\u538b\u81f3\u76ee\u6807\u8def\u5f84\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei EMUI\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei P8 \u003c=GRA-UL00C00B230",
      "Huawei P8 \u003c=GRA-CL00C92B230",
      "Huawei \u9ea6\u82924  \u003c=RIO-CL00C92B220",
      "Huawei \u9ea6\u82924  \u003c=RIO-TL00C01B220",
      "Huawei \u9ea6\u82924  \u003c=RIO-UL00C00B220",
      "Huawei \u9ea6\u82924 \u003c=RIO-AL00C00B220",
      "Huawei \u8363\u80007i \u003c=ATH-AL00C00B210",
      "Huawei \u8363\u80007i  \u003c=ATH-AL00C92B200",
      "Huawei \u8363\u80007i  \u003c=ATH-CL00C92B210",
      "Huawei \u8363\u80007i  \u003c=ATH-TL00C01B210",
      "Huawei \u8363\u80007i  \u003c=ATH-TL00HC01B210",
      "Huawei \u8363\u80007i  \u003c=ATH-UL00C00B210",
      "Huawei \u8363\u80006 \u003c=H60-L04C10B523",
      "Huawei \u8363\u80006  \u003c=H60-L04C185B523",
      "Huawei \u8363\u80006  \u003c=H60-L04C636B527",
      "Huawei \u8363\u80006  \u003c=H60-L04C900B530",
      "Huawei \u8363\u80007 \u003c=AL10C00B220",
      "Huawei \u8363\u80007  \u003c=AL10C92B220",
      "Huawei \u8363\u80007  \u003c=CL00C92B220",
      "Huawei \u8363\u80007  \u003c=L01C10B140",
      "Huawei \u8363\u80007  \u003c=L01C185B130",
      "Huawei \u8363\u80007  \u003c=L01C432B187",
      "Huawei \u8363\u80007  \u003c=L01C432B190",
      "Huawei \u8363\u80007  \u003c=L01C636B130",
      "Huawei \u8363\u80007  \u003c=TL00C01B220",
      "Huawei \u8363\u80007  \u003c=TL01HC01B220",
      "Huawei \u8363\u80007  \u003c=UL00C17B220",
      "Huawei Mate S \u003c=CRR-CL00C92B172",
      "Huawei Mate S  \u003c=CRR-L09C432B180",
      "Huawei Mate S  \u003c=CRR-TL00C01B172",
      "Huawei Mate S  \u003c=CRR-UL00C00B172",
      "Huawei Mate S  \u003c=CRR-UL20C432B171",
      "Huawei P8  \u003c=GRA-TL00C01B230SP01",
      "Huawei P8  \u003c=GRA-UL00C10B201",
      "Huawei P8  \u003c=GRA-UL00C432B220",
      "Huawei Mate 7 \u003c=MT7-L09C605B325",
      "Huawei Mate 7  \u003c=MT7-L09C900B339",
      "Huawei Mate 7  \u003c=MT7-TL10C900B339",
      "Huawei P8\u9752\u6625\u7248 \u003c=ALE-L02C635B140",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L02C636B140",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C10B150",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C185B200",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C432B214",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C464B150",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L21C636B200",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-L23C605B190",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-TL00C01B250",
      "Huawei P8\u9752\u6625\u7248  \u003c=ALE-UL00C00B250"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95919\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170125-01-emui-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-10",
  "title": "Huawei EMUI\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.