CVE-2011-1149

Severity

72%

Complexity

39%

Confidentiality

165%

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 13 years ago

2011-04-21 10:55:00

Last updated 13 years ago

2011-04-23 02:41:00

Affected Software

Google Android Operating System 1.5

1.5

Google Android Operating System 1.6

1.6

Google Android Operating System 2.1

2.1

Google Android Operating System 2.2 Revision 1

2.2

Google Android Operating System 2.2.1

2.2.1

Google Android Operating System

References

http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e

Patch

http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca

Patch

http://c-skills.blogspot.com/2011/01/adb-trickery-again.html

http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2

Exploit

http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971

https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.