oss-sec mailing list archives
CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilities
From: dawgystyle () hushmail com
Date: Sat, 22 Mar 2014 08:53:23 +1100
Title: Uhuru Mobile Davfi Multiple Vulnerabilities
Product: Uhuru Mobile
Enterprise: Nov'IT

Hello,

Multiple vulnerabilities were found in the Uhuru Mobile ROM. These vulnerabilities were detailed in a blogpost [1].

Vulnerability #1 - Whitelist of executable applications bypass:
----------------------------
The Android kernel was modified and "hardened". A feature was implemented to only allow a whitelist of binaries to be executed. This can be bypassed by using, for example, the LD_PRELOAD environment variable.

Vulnerability #2 - Embedded kernel vulnerable to CVE-2013-6282 (local root)
----------------------------
The embedded Android kernel version is 3.4.0, which is vulnerable to CVE-2013-6282. This can be exploited to obtain root rights.

Vulnerability #3 - Embedded kernel vulnerable to CVE-2013-4787 (master key)
----------------------------
The embedded Android kernel is vulnerable to CVE-2013-4787. This can be exploited to bypass the APK signature system of Android.

Vulnerability #4 - Local escape shell vulnerability
----------------------------
When the phone is encrypted, it uses the passcode entered by the user to decrypt/encrypt files. The passcode entered by the user is executed as root inside a shell command without being filtered. An attacker just has to reboot the phone, and once the phone asks for the passcode, enter the payload, aka s/Please enter your passcode/Please enter your payload/. This can be exploited to gain local code execution as root.

Eric Filiol, the main creator of the project, responded [2] (in French) to the reported vulnerabilities.

Refs:
[1] http://esec-lab.sogeti.com/post/A-quick-security-review-of-the-Uhuru-Mobile-demo-ROM
[2] https://www.davfi.fr/news/News_2014_03_21.pdf?b=ull&sh=it&over=flow

Can a CVE be assigned for these vulnerabilities?
Thanks.

Antoine de Gaulle,
Securely sent using SMS Perseus
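Vulnerability #4 is the classic pattern of user input being interpolated into a shell command line that runs as root. The C below is an added illustration written for this archive page; it is not code from the post, from the Uhuru Mobile ROM, or from Nov'IT. The tool path /system/bin/cryptotool, the digits-only passcode policy and the 4..16 length bounds are assumptions chosen for the example. It shows the unsafe string-building step (never executed here), then two independent defences: an allow-list check on the passcode, and spawning the helper with an explicit argv and a minimal environment so that no shell ever parses the passcode.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (built for inspection only, never passed to system()):
 * the passcode is concatenated into a command line. If this string reached
 * /bin/sh as root, any shell metacharacters in the passcode would be
 * interpreted, which is the failure the post describes.
 * "/system/bin/cryptotool unlock" is a hypothetical tool name. */
static int build_command_unsafe(char *out, size_t outlen, const char *passcode) {
    int n = snprintf(out, outlen, "/system/bin/cryptotool unlock %s", passcode);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Defence 1: allow-list the input. A numeric passcode may contain only
 * digits within an assumed length range; everything else is rejected
 * before it is used anywhere. */
static int passcode_is_wellformed(const char *passcode, size_t minlen, size_t maxlen) {
    size_t len = strlen(passcode);
    if (len < minlen || len > maxlen) return 0;
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)passcode[i])) return 0;
    }
    return 1;
}

/* Defence 2: never route the value through a shell. fork()+execve() with an
 * explicit argv hands the passcode to the helper as one argument, so ';',
 * '|', '`' and '$(' are plain bytes to it. The child also starts from a
 * fixed minimal environment instead of inheriting one, so loader variables
 * such as LD_PRELOAD are not carried into the privileged helper.
 * Returns the child's exit status, or -1 on failure. */
static int run_without_shell(const char *path, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const env[] = { "PATH=/usr/bin:/bin", NULL };
        execve(path, argv, env);
        _exit(127); /* only reached if execve() failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hardened unlock path: validate, then exec with argv. /bin/true stands in
 * for the real decryption helper so the example runs on any POSIX host. */
static int unlock_hardened(const char *passcode) {
    if (!passcode_is_wellformed(passcode, 4, 16)) return -1;
    char *const argv[] = { "/bin/true", (char *)passcode, NULL };
    return run_without_shell(argv[0], argv);
}

int main(void) {
    char cmd[256];
    const char *hostile = "1234; reboot"; /* constructed sample input */
    build_command_unsafe(cmd, sizeof cmd, hostile);
    printf("unsafe command line would be: %s\n", cmd);
    printf("hardened unlock(\"%s\") -> %d (rejected)\n", hostile, unlock_hardened(hostile));
    printf("hardened unlock(\"123456\") -> %d (helper ran, no shell)\n", unlock_hardened("123456"));
    return 0;
}
```

The two defences are deliberately independent: the allow-list stops hostile input at the prompt, and the argv-based exec means that even an input the validator wrongly accepts cannot reach a shell parser. A review of a privileged "enter passcode" path should insist on the second regardless of the first.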
Current thread:
- CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilities dawgystyle (Mar 22)
- Re: CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilities cve-assign (Mar 22)