Android Debug Mode adb Filename Traversal Local Privilege Escalation
Physical Access Required,
Mobile Phone / Hand-held Device
Loss of Integrity
Android contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to debug mode not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the adb Filename. This directory traversal attack would allow a physically present attacker to gain elevated privileges.
OSVDB is not currently aware of a solution for this vulnerability.