Release date:
Updated on:
Affected Systems:
Open Handset Alliance Android 2.3.x
Open Handset Alliance Android 2.2.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-3874
Android is a project launched by Google through the Open Handset Alliance. It provides a complete set of software for mobile devices, including an operating system and middleware.
A stack buffer overflow vulnerability exists in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6. It allows remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, triggering a use-after-free error, as demonstrated by zergRush.
<* Source: RedHat
Link: http://www.openwall.com/lists/oss-security/2011/11/10/1
*>
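An added illustration of the bug class described above, not Android's own code and not part of the original advisory: a dispatcher that splits a command into a fixed-size stack argv array has to reject input carrying more arguments than the array holds. ARGS_MAX, split_command and dispatch are hypothetical names and sizes chosen for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define ARGS_MAX 16              /* assumed capacity of the stack argv array */

/* Split a space-separated command in place into argv[].
 * Returns the argument count, or -1 when the command carries more
 * arguments than argv[] can hold. Without that check the store below
 * would write past the end of the caller's stack array. */
int split_command(char *line, char *argv[], int max_args)
{
    int argc = 0;
    char *p = line;
    while (*p) {
        while (*p == ' ')
            *p++ = '\0';         /* terminate previous token, skip separators */
        if (*p == '\0')
            break;
        if (argc >= max_args)
            return -1;           /* too many arguments: refuse the command */
        argv[argc++] = p;
        while (*p && *p != ' ')
            p++;
    }
    return argc;
}

/* Hypothetical dispatcher: returns the argument count handed to the
 * command handler, or -1 if the command was rejected. */
int dispatch(const char *data)
{
    char buf[256];
    char *argv[ARGS_MAX];

    if (strlen(data) >= sizeof(buf))
        return -1;               /* command does not fit the local buffer */
    strcpy(buf, data);

    int argc = split_command(buf, argv, ARGS_MAX);
    if (argc <= 0)
        return -1;               /* empty or over-long argument list */
    /* argv[0..argc-1] would be passed to the matching handler here */
    return argc;
}

int main(void)
{
    /* constructed sample commands */
    printf("%d\n", dispatch("cmd arg1 arg2"));
    printf("%d\n", dispatch("a a a a a a a a a a a a a a a a a"));
    return 0;
}
```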
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Open Handset Alliance
---------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.openhandsetalliance.com/android_overview.html