[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability

To: ValdikSS <iam@xxxxxxxxxxxxxxx>
Subject: Re: [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability
From: Tim <strazz@xxxxxxxxx>
Date: Tue, 19 May 2015 14:29:27 -0700

Thanks for posting this to FD, these didn't even include it in their
release notes;

http://developer.xamarin.com/releases/android/xamarin.android_5/xamarin.android_5.1/

Was there a bug reported in bugzilla to link back too?

-Tim Strazzere

On Tue, May 19, 2015 at 6:49 AM, ValdikSS <iam@xxxxxxxxxxxxxxx> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Xamarin for Android prior to version 5.1 allows to replace internal DLL
> files inside the APK with files on SD card which are not in a secure
> storage.
> Malicious application without any special permissions could drop
> backdoored DLL files into
>
> /storage/sdcard0/Android/data/app_id/files/.__override__/
>
> and the victim application would use files from SD.
> Not just the main application library could be hijacked, but also
> Xamarin's System.dll and Mono.Android.dll, which are shipped in all Xamarin
> for Android
> applications.
>
> Developers should rebuild their applications using Xamarin for Android 5.1
> or newer in the release mode.
>
> This vulnerability was found by accident, which allowed me to eat for free
> for a month.
>
> Timeline:
>     03.04.2015 Vulnerability is found
>     07.04.2015 Message sent to Xamarin
>     08.04.2015 Xamarin acknowledged the vulnerability
>     29.04.2015 Fixed stable version released
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: https://keybase.io/valdikss
>
> iQIcBAEBCAAGBQJVWz98AAoJEFzXIC7viPdyP3wP/3Vxrc0hHZATTfkCVq688sJa
> /NI2Z7cdRf3cpHSLCciWbtcNK82uE6qmHisFwUQGA5xvljhrkAXLPa2xG3wShmXq
> G5ID3WexMWgTfLqYwOi/4fq1jpfeEg5vpDFAhj0JuWAvZg1zOwFBQ7UdT6G/eu1C
> +Dgmk1qpvLcPkKOrh2i4xwqkDfqNfADfK7ekjeqMZe70tC95eHLeRWzVEmi+hCC3
> zLwnuprHOEQ/CGeKiQJzePExARFyIfS/kuV+YPdw14gmEOwKAfFymuaxYqULqaxS
> H6RdUJp2SZT5cf0RSlA7zqPhX8fqnkiBiCpd8BstoANl+dFvnggVks6PWovBm8aW
> huYqscwDZ0pGG8kV5lPO/9fE2P/1nm9B1h9tOcycD8gpM7inbDy6WoETwO0KZOlx
> qsetTdYt4PA5V6Wn6wks4R9iPZy7bFlqzrGWLWFY9FYV7a0cZoDi7eY8bNhxFj/T
> g3M1ruIIRVxriyFjcfmq2nWw0rMFhiaDdb/GuQEmtN8b2CQRQmiBrvP1uC2zkOhW
> ijdYsN7SMjvLTch3n6TU3ycibB0uEp03Jgm2+wRzZj5VQXUHR7BFzhh74UeeAriT
> K7EialPddQzxPFS0ufTGQ1JFfjJP3bgZFLDwbJVt/WLwsgQpLmXcTjHub56lr87y
> xQmqbzDDykOJ92uZEJ4X
> =vW6d
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability
  - From: ValdikSS

References:
- [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability
  - From: ValdikSS

Prev by Date: Re: [FD] 0-day Denial of Service in IPsec-Tools
Next by Date: Re: [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability
Previous by thread: [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability
Next by thread: Re: [FD] Xamarin for Android <5.1 DLL Hijack Vulnerability
Index(es):
- Date
- Thread