- 漏洞信息

86670
Android vold Daemon Crafted FrameworkCommand Local Privilege Escalation (zergRush)
Mobile Phone / Hand-held Device Input Manipulation
Loss of Integrity Upgrade
Exploit Public Uncoordinated Disclosure

- 漏洞描述

Android is prone to an overflow condition. The vold daemon fails to properly sanitize user-supplied input when parsing specially crafted FrameworkCommands, causing a stack based buffer overflow. When the overflow occurs, the exploit returns to a chain of Return Oriented Exploitation (ROP) gaddgets that execute as root, escalating the attacker's privileges.

- 时间线

2011-10-10 Unknow
2011-10-10 Unknow

- 解决方案

Upgrade to version Honeycomb (3.0) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站