CVE-2014-7951
ADB - Backup Archive File Overwrite Directory Traversal
Public Exploits: 3
Exploited in Wild: -
Descriptions
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.
The Android backup agent implementation was vulnerable to privilege escalation and a race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack was tested on Android OS 4.4.4.
Timeline
- 2014-10-07 CVE Reserved
- 2015-04-19 CVE Published
- 2024-03-31 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (5)
URL | Tag |
---|---|
http://www.securityfocus.com/bid/74211 | Third Party Advisory |
https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E%21/#F0 | X_refsource_misc |
URL | Date |
---|---|
https://www.exploit-db.com/exploits/36813 | 2024-08-06 |
http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html | 2024-08-06 |
http://seclists.org/fulldisclosure/2015/Apr/51 | 2024-08-06 |