Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2999

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-2999
Last Modified 29 Feb 2012 12:00:00
Published 14 Oct 2009 06:30:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2999

Summary

The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656.

Vulnerable Systems

Operating System

  • Google Android 1.5

Application

  • Android 1.5


References

XF - android-smswappush-dos(53655)

BUGTRAQ - 20091005 [oCERT-2009-014] Android denial-of-service issues

MISC - http://www.ocert.org/advisories/ocert-2009-014.html

SECTRACK - 1022986

CONFIRM - http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=46e23fe762d2143d60589ab6d39c4b47c2c754d1


Last Updated: 27 May 2016 10:58:19