CVE-2011-1149

Current Description

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

Basic Data

PublishedApril 21, 2011
Last ModifiedApril 23, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGoogleAndroid1.5*******
    2.3OSGoogleAndroid1.6*******
    2.3OSGoogleAndroid2.1*******
    2.3OSGoogleAndroid2.2rev1******
    2.3OSGoogleAndroid2.2.1*******
    2.3OSGoogleAndroid********2.2.2

Vulnerable Software List

VendorProductVersions
Google Android *, 1.5, 1.6, 2.1, 2.2, 2.2.1

References

NameSourceURLTags
http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597ehttp://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a7559CONFIRMPatch
http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91cahttp://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c8CONFIRMPatch
http://c-skills.blogspot.com/2011/01/adb-trickery-again.htmlhttp://c-skills.blogspot.com/2011/01/adb-trickery-again.htmlMISC
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2MISCExploit
http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db0CONFIRM
https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2MISCPatch