Podatność CVE-2012-5564


Publikacja: 2013-02-14

Opis:
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.

Typ:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

Producent: Google
Produkt: Android sdk tools 
Wersje: 4.1.1;

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
3.3/10
4.9/10
3.4/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Lokalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Częściowy

 Referencje:
https://bugzilla.redhat.com/show_bug.cgi?id=879582
http://www.securityfocus.com/bid/56653
http://www.openwall.com/lists/oss-security/2012/11/23/8
http://www.openwall.com/lists/oss-security/2012/11/23/1
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098532.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098529.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098527.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280

Podobne CVE
CVE-2019-9467
In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: A...
CVE-2019-9466
In the Broadcom Wi-Fi driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: ...
CVE-2019-2233
In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution...
CVE-2019-2214
In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-2213
In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...
CVE-2019-2212
In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 A...
CVE-2019-2211
In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...
CVE-2019-2210
In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex...

Copyright 2019, cxsecurity.com

 

Back to Top