7.2

CVE-2011-1149

Exploit

EPSS 0.04%
Veröffentlicht 21.04.2011 10:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version <= 2.2.2

Google ≫ Android Version1.5

Google ≫ Android Version1.6

Google ≫ Android Version2.1

Google ≫ Android Version2.2 Updaterev1

Google ≫ Android Version2.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://android.git.kernel.org/?p=kernel/common.git%3Ba=commit%3Bh=c98a285075f26e2b17a5baa2cb3eb6356a75597e

http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=25b15be9120bcdaa0aba622c67ad2c835d9e91ca

http://c-skills.blogspot.com/2011/01/adb-trickery-again.html

http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2

Exploit

http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971

https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-1149

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1149

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1149

EUVD