OSVDB/86670漏洞详情 - SCAP中文社区

OSVDB

- 漏洞信息

OSVDBID: 86670
漏洞名称:Android vold Daemon Crafted FrameworkCommand Local Privilege Escalation (zergRush)
漏洞位置: Mobile Phone / Hand-held Device	利用方式: Input Manipulation
漏洞影响:Loss of Integrity	解决方式:Upgrade
漏洞利用:Exploit Public	公开方式:Uncoordinated Disclosure

- 漏洞描述

Android is prone to an overflow condition. The vold daemon fails to properly sanitize user-supplied input when parsing specially crafted FrameworkCommands, causing a stack based buffer overflow. When the overflow occurs, the exploit returns to a chain of Return Oriented Exploitation (ROP) gaddgets that execute as root, escalating the attacker's privileges.

- 时间线

公开日期: 2011-10-10	发现日期: Unknow
利用日期:2011-10-10	解决日期:Unknow

- 解决方案

Upgrade to version Honeycomb (3.0) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

Other Advisory URL: http://blog.fortiguard.com/starcraft-culture-to-understand-android/
http://forum.xda-developers.com/showthread.php?t=1296916
https://github.com/revolutionary
Vendor URL: http://www.android.com/
Generic Exploit URL: https://github.com/downloads/revolutionary/zergRush/zergRush.zip

- 漏洞作者

Unknown or Incomplete

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

Try not to become a man of success but rather try to become a man of value.

-- A. Einstein

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息，请查阅[关于本站]。

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标，它们的官方数据源均保存在MITRE公司的相关网站。

CVE 通用漏洞与披露Common Vulnerabilities and Exposures