Release date:
Updated on:
Affected Systems:
Open Handset Alliance Android <2.3.4
Open Handset Alliance Android 3.0
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-1823
Android is a project launched by Google through the Open Handset Alliance. It provides a complete set of software for mobile devices, including an operating system and middleware.
The vold volume manager daemon in Android 3.0 and 2.x trusts messages received from a PF_NETLINK socket. This allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, triggering memory corruption, as demonstrated by Gingerbreak.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://xforce.iss.net/xforce/xfdb/67977
http://forum.xda-developers.com/showthread.php?t=1044765
*>
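The class of check the description refers to, as an added C illustration that is not vold's source code: a signed index compared only against a maximum lets negative values through, while a two-sided check applied after strict parsing rejects them. The struct, function names and table size are constructed for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PARTS 4 /* constructed table size, not a value from vold */

/* Hypothetical stand-in for a volume's per-partition table. */
struct volume { int part_minors[MAX_PARTS]; };

/* Flawed pattern: a signed index is compared against the maximum only. */
static bool index_ok_max_only(int part_num) {
    return part_num <= MAX_PARTS;
}

/* Corrected pattern: both bounds are enforced (numbers are 1-based here). */
static bool index_ok_both_bounds(int part_num) {
    return part_num >= 1 && part_num <= MAX_PARTS;
}

/* Strictly parse an untrusted decimal field; reject junk and overflow. */
static bool parse_int(const char *s, int *out) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return false;
    *out = (int)v;
    return true;
}

/* Store a minor number for a partition; returns 0 on success, -1 if rejected. */
static int record_partition(struct volume *v, const char *field, int minor) {
    int n;
    if (!parse_int(field, &n) || !index_ok_both_bounds(n))
        return -1;
    v->part_minors[n - 1] = minor;
    return 0;
}

int main(void) {
    struct volume v = {{0}};
    printf("max-only accepts -5: %d, two-sided accepts -5: %d\n",
           index_ok_max_only(-5), index_ok_both_bounds(-5));
    printf("record \"-5\": %d\n", record_partition(&v, "-5", 7));
    return 0;
}
```

The index check addresses only the memory corruption; the advisory's other point, that the daemon trusts whatever arrives on the netlink socket, is a separate matter of validating the message sender.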
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Open Handset Alliance
---------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.openhandsetalliance.com/android_overview.html