CVE-2011-1823 – Android OS Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2011-1823
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. El demonio de vold volume manager en Android versión 3.0 y versiones 2.x anterior a 2.3.4, confía en los mensajes que son recibidos desde un socket PF_NETLINK, que permite a los usuarios locales ejecutar código arbitrario y alcanzar privilegios de root por medio de un índice negativo que omite la comprobación de un entero firmado maximum-only en el método DirectVolume::handlePartitionAdded, que activa una corrupción de memoria, como es demostrado por Gingerbreak. The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor. • http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6 http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579c92afc08ab12c0a5788d61f2dd2934836f http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920c82463b240e2be0430849837d6fdc5352e http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421 http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html http://forum.xda-developers.com/showthread.php?t=104 • CWE-190: Integer Overflow or Wraparound •
CVE-2011-0680
https://notcve.org/view.php?id=CVE-2011-0680
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service. data/WorkingMessage.java en la aplicación Mms en Android anterior a v2.2.2 y v2.3.x anterior a v2.3.2 no maneja adecuadamente la 'draft' caché, lo que permite a atacantes remotos leer mensajes SMS previstos para otros destinatarios en circustancias oportunas a través de un servicio estándar de mensajes de texto. • http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=18d6b7e9d2e538fb3c0264332b96c02abf367267 http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=4d26623ce82230e8e7009adb921c5edea370a9e0 http://code.google.com/p/android/issues/detail?id=9392#c1460 http://code.google.com/p/android/issues/detail?id=9392#c1620 http://phandroid.com/2011/01/21/android-2-3-2-update-pushing-to-nexus-s-phone-fixes-sms-bug http://twitter.com/GalaxySsupport/statuses/28078194 •