CVE-2010-4832
https://notcve.org/view.php?id=CVE-2010-4832
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. Android OS anterior a 2.2 no muestra el certificado SSL correcto en ciertos casos, lo que podría permitir a atacantes remotos falsificar sitios web de confianza a través de una página web que contiene referencias a fuentes externas en las que (1) el certificado del último recurso cargado está comprobado, en lugar de para la página principal, o (2) certificados posteriores no están comprobados cuando la conexión HTTPS está reutilizada. • http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=dba8cb76371960457e91b31fa396478f809a5a34 http://jvn.jp/en/jp/JVN43105011/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000053.html https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34 • CWE-310: Cryptographic Issues •
CVE-2013-7372
https://notcve.org/view.php?id=CVE-2013-7372
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013. La función engineNextBytes en classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java en la implementación SecureRandom en Apache Harmony hasta 6.0M3, utilizado en Java Cryptography Architecture (JCA) en Android anterior a 4.4 y otros productos, cuando el usuario no proporciona una semilla, la función usa utiliza un valor de desplazamiento incorrecto, lo que facilita a un atacante poder anular los mecanismos de protección criptográfica mediante el aprovechamiento de la previsibilidad PRNG resultante, tal y como se demostró activamente contra las aplicaciones Bitcoin Wallet en agosto 2013. • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java https://bitcoin.org/en/alert/2013-08-11-android • CWE-310: Cryptographic Issues •
CVE-2013-7373
https://notcve.org/view.php?id=CVE-2013-7373
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. Android anterior a 4.4 no ejecuta debidamente la creación de semillas del PRNG OpenSSL, lo que facilita a atacantes anular mecanismos de protección criptográficos mediante el aprovechamiento del uso del PRNG dentro de múltiples aplicaciones. • http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe http://marc.info/?l=openssl-dev&m=130289811108150&w=2 http://marc.info/?l=openssl-dev&m=130298304903422&w=2 http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-6775
https://notcve.org/view.php?id=CVE-2013-6775
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. El paquete Chainfire SuperSU anterior a 1.69 para Android permite a atacantes ganar privilegios a través de el tipo de metacaracteres shell (1) backtick o (2) $() en la opción -c hacia /system/xbin/su. • http://www.securityfocus.com/archive/1/529797 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4710 – Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution
https://notcve.org/view.php?id=CVE-2013-4710
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. Android 3.0 hasta 4.1.x en Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, y otros dispositivos no implementa debidamente la clase WebView, lo que permite a atacantes remotos ejecutar métodos arbitrarios de objetos Java o causar una denegación de servicio (reinicio) a través de una página web manipulada, tal y como se demostró mediante el uso del método WebView.addJavascriptInterface, un problema relacionado con CVE-2012-6636. • https://www.exploit-db.com/exploits/41675 https://www.exploit-db.com/exploits/31519 https://github.com/Snip3R69/CVE-2013-4710-WebView-RCE-Vulnerability http://50.56.33.56/blog/?p=314 http://emobile.jp/products/sh/a01sh/systemsoftware.html http://jvn.jp/en/jp/JVN53768697/113349/index.html http://jvn.jp/en/jp/JVN53768697/397327/index.html http://jvn.jp/en/jp/JVN53768697/995293/index.html http://jvn.jp/en/jp/JVN53768697/995312/index.html http://jvn.jp • CWE-20: Improper Input Validation •