Android ICS adb debugging tools System Restore directory traversal vulnerability, can provide right-vulnerability warning-the black bar safety net

2013-06-21T00:00:00
ID MYHACK58:62201339332
Type myhack58
Reporter 佚名
Modified 2013-06-21T00:00:00

Description

原 漏洞 信息 来自 于 aberkman@gmail.com

Vulnerability description: adb Android Debug Bridge backup/restore option allows you to backup and restore applications, including system applications.

Backup files to tar. the zlib PACKAGE, files the default suffix is *. ab.

When a backup contains a file, the file name similar to the following this form:

apps/com. andoird. settings/db/../../../local. prop

Use adb restore to restore the time will put the local. prop restore to/data/instead of/apps/apps/com. android. settings/databases/。

The above-mentioned”apps”,”com. android. settings”and”db”directory name is used to determine the software packages and data are supposed to restore to the position.

As for the mention of the right to well, ICS has a mention of the right tools if not mistaken is called Tspark principle is in the boot just to be able adb debugging when writing into/data/local. prop to obtain root privileges.

Android really is not what good bird, quickly put your hands on the Samsung mobile phone to throw away.