CVE-2014-7951 adb backup archive path traversal file overwrite

Posted by Imre RAD on Apr 17

ADB backup archive path traversal file overwrite
------------------------------------------------

Using adb one can create a backup of his/her Android device and store it
on the PC. The backup archive is based on the tar file format.

By modifying tar headers to contain ../../ like patterns it is possible
to overwrite files owned by the system user on writeable partitions.

An example pathname in the tar header:…

CVE-2014-7953 Android backup agent code execution

Posted by Imre RAD on Apr 17

Android backup agent arbitrary code execution
---------------------------------------------

The Android backup agent implementation was vulnerable to privilege
escalation and a race condition. An attacker with adb shell access could
run arbitrary code as the system (1000) user (or any other valid
package). The attack is tested on Android OS 4.4.4.

The main problem is inside the bindBackupAgent method in the
ActivityManagerService.
This method is…

CEEA-2015:0855 CentOS 5 tzdata Enhancement Update

CentOS Errata and Enhancement Advisory 2015:0855 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0855.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
977bbb795cbd1777d0ac5dd68558905896f5c31a7717ab1737cdcf36408fcfc3  tzdata-2015c-1.el5.i386.rpm
fae2f0b57d69a7974240b07974ccdb5336856d8d827a02f72c9dd71e17875d31  tzdata-java-2015c-1.el5.i386.rpm

x86_64:
d20ddd1890d3df6be0192c86b67a46684e32835f7a15b2200e03a44fd169a9d4  tzdata-2015c-1.el5.x86_64.rpm
f4703acadb371aac5fc0a189c0c3c396fb12ace5b7ced929851a4a725b4b48ab  tzdata-java-2015c-1.el5.x86_64.rpm

Source:
d791ea449383c825d38bc327e1fa60cd5c4a351fe5ae1e895f42682a5dadcfdc  tzdata-2015c-1.el5.src.rpm



CEEA-2015:0855 CentOS 7 tzdata Enhancement Update

CentOS Errata and Enhancement Advisory 2015:0855 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0855.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
1bf3cd5dd8aee374357aa15a820aa14dfd5c23a5de3e33c48387cbddb8d15085  tzdata-2015c-1.el7.noarch.rpm
f14b8c39cce479da2d529cc4e32499184ff1b9fe894389952599f18b83c6c84f  tzdata-java-2015c-1.el7.noarch.rpm

Source:
151b89b427d7db50d39c1bb038a680305e9c0ec3789e0c8931e2942cffb8255c  tzdata-2015c-1.el7.src.rpm



CEEA-2015:0855 CentOS 6 tzdata Enhancement Update

CentOS Errata and Enhancement Advisory 2015:0855 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0855.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
bb11ad2b0d763dc63ba347692f80597749c2e5d609c0a220773281cc646165d2  tzdata-2015c-2.el6.noarch.rpm
1cd31efa0e7c701059f2788a919edebffad88712cf14daa04b53ce5b181d77cf  tzdata-java-2015c-2.el6.noarch.rpm

x86_64:
bb11ad2b0d763dc63ba347692f80597749c2e5d609c0a220773281cc646165d2  tzdata-2015c-2.el6.noarch.rpm
1cd31efa0e7c701059f2788a919edebffad88712cf14daa04b53ce5b181d77cf  tzdata-java-2015c-2.el6.noarch.rpm

Source:
a8a236e0677ee108c9d3179b4358a3694c587e7904b44853a4ee9ef047b712a1  tzdata-2015c-2.el6.src.rpm



RHSA-2015:0854-1: Critical: java-1.8.0-oracle security update

Red Hat Enterprise Linux: Updated java-1.8.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492