CVE-2014-0997 – Android WiFi-Direct - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0997
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. WiFiMonitor en Android 4.4.4 tal y como se emplea en Nexus 5 y 4, Android 4.2.2 tal y como se emplea en LG D806, Android 4.2.2 tal y como se emplea en Samsung SM-T310, Android 4.1.2 tal y como se emplea en Motorola RAZR HD y potencialmente en otras distribuciones Android anteriores a la 5.0.1 y 5.0.2 no gestiona correctamente las excepciones. Esto permite que los atacantes remotos provoquen una denegación de servicio (reinicio) mediante un marco de respuesta de sonda 802.11. • https://www.exploit-db.com/exploits/35913 http://packetstormsecurity.com/files/130107/Android-WiFi-Direct-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Jan/104 http://www.securityfocus.com/archive/1/534544/100/0/threaded http://www.securityfocus.com/bid/72311 https://www.coresecurity.com/advisories/android-wifi-direct-denial-service • CWE-19: Data Processing Errors •
CVE-2013-4777
https://notcve.org/view.php?id=CVE-2013-4777
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. Una configuración concreta en Android v2.3.7 en el teléfono Motorola Defy XT para Republic Wireless utiliza init para crear un socket dev/socket/init_runit que escuche comandos de sistema, lo que permite a usuarios locales conseguir privilegios mediante la interacción con un objeto LocalSocket. • https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5933
https://notcve.org/view.php?id=CVE-2013-5933
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. Desbordamiento de búfer basado en pila en la función sub_E110 de una determinada configuración de Android 2.3.7 en el teléfono Motorola Defy XT para Republic Wireless permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) escribiendo una cadena larga al socket /dev/socket/init_runit el cual es incompatible con cierto valor de longitud que fue previamente escrito a este socket. • http://twitter.com/djrbliss/statuses/382632926946402304 https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3051
https://notcve.org/view.php?id=CVE-2013-3051
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596. El núcleo TrustZone, cuando se utiliza con determinada versión de Motorola Android 4.1.2, el Motorola Razr HD, M Razr, Atrix HD con el chipset Qualcomm MSM8960 no verifica la asociación entre determinada argumento dirección-física y un región de memoria, lo que permite desbloquear a usuarios locales el bootloader usando el modo kernel para realizar operaciones SMC 0x9 y 0x2. Se trata de una vulnerabilidad diferente a CVE-2013-2596. • http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html http://www.droid-life.com/2013/04/08/motorola-razr-hd-razr-m-and-atrix-hd-bootloader-unlock-released • CWE-16: Configuration •
CVE-2013-2596 – Linux Kernel Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2013-2596
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. Una determinada version de Android v4.1.2 en dispositivos Motorola Razr HD, Razr M, y Atrix HD con el chipset Qualcomm MSM8960 permite a atacantes físicamente próximos obtener acceso de root entrando en el modo de depuración USB, usando Android Debug Bridge (ADB) para establecer una conexión USB, y cargar y ejecutar el programa pwn Motochopper. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. • http://forum.xda-developers.com/showthread.php?t=2255491 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://marc.info/? • CWE-190: Integer Overflow or Wraparound •