[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x

To: Kevin Cernekee <cernekee@xxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
From: "Gleb O. Raiko" <raiko@xxxxxxxxxxxx>
Date: Thu, 14 Nov 2013 19:44:15 +0400

Kevin,

Considering ChainsDD Superuser you mentioned.

Unfortunately, your mail describes just potential attack vectors. WhileI can't say for sure, Superuser isn't vulnerable at all, I'd like tonote that su invokes the am script in the process with the credentialsof the caller, not root. Thus, by manipulating the environmentvariables, file descriptors, signals, etc, the user can get yet anotherprocess with the same credentials, perhaps, with a shell or with aninstance of Davlik VM inside.


Regards,
Gleb.

Follow-Ups:
- Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
  - From: Kevin Cernekee

References:
- Superuser unsanitized environment vulnerability on Android <= 4.2.x
  - From: Kevin Cernekee

Prev by Date: NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability
Next by Date: Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin
Previous by thread: Superuser unsanitized environment vulnerability on Android <= 4.2.x
Next by thread: Re: Superuser unsanitized environment vulnerability on Android <= 4.2.x
Index(es):
- Date
- Thread