[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Android 'vold' Privilege Escalation Vulnerability

ID: oval:org.secpod.oval:def:6504Date: (C)2012-06-25   (M)2023-11-13
Class: VULNERABILITYFamily: undefined




The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

Platform:
Google Android
Reference:
CVE-2011-1823
CVE    1
CVE-2011-1823
CPE    12
cpe:/o:google:android:2.3:rev1
cpe:/o:google:android:2.2:rev1
cpe:/o:google:android:2.1
cpe:/o:google:android:3.0
...

© SecPod Technologies