Android Superuser privilege escalation vulnerability analysis

2013-11-28T00:00:00
ID MYHACK58:62201341303
Type myhack58
Reporter Anonymous
Modified 2013-11-28T00:00:00

Description

Recently, foreign security researchers disclosed three security vulnerabilities in several root authorization management applications on the Android platform. Exploiting these vulnerabilities may lead to privilege escalation to root; see <http://forum.xda-developers.com/showthread.php?t=2525552>. TSRC has also analyzed these three Android Superuser privilege escalation vulnerabilities; the details of the analysis follow.

I. Superuser environment variable vulnerability

[Affected products]

On rooted systems running Android <= 4.2.x, the following authorization management applications may be affected:

1. ChainsDD Superuser (current versions, including v3.1.3)

2. CyanogenMod/ClockWorkMod/Koush Superuser (current versions, including v1.0.2.1)

3. Chainfire SuperSU versions before v1.69

[Vulnerability principle]

1. Forge an app_process that contains malicious shell code. The shell code adds /system/bin to the environment variable and then creates a file in the data directory. Because by default only root is allowed to create files there, a successful creation means the escalation to root succeeded. The specific code is as follows:

[Image in the original: app_process script code]

2. Use chmod 755 app_process to give the malicious app_process script execute permission, then add the directory containing the malicious app_process script to the environment variable: PATH=$(pwd):$PATH;

3. Under normal circumstances, the command su -c 'true' executes the system app_process program. However, because the directory containing the malicious script has been added to the environment variable, the malicious app_process script is executed in place of the original system app_process program.

4. The environment variable BOOTCLASSPATH has the same problem.
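The mitigation pattern for the PATH and BOOTCLASSPATH problems described above, as an added example that is not from the original article or from any of the affected projects: a privileged helper rebuilds its environment from an allowlist and starts app_process by absolute path instead of trusting what the caller supplied. The trusted values, the pass-through list and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define APP_PROCESS "/system/bin/app_process" /* absolute: never resolved via PATH */
#define MAX_ENV 16
/* Values the helper sets itself (assumed; the BOOTCLASSPATH value is a placeholder). */
static const char *const trusted[] = {
    "PATH=/system/bin:/system/xbin", "BOOTCLASSPATH=/system/framework/core.jar", NULL };
/* Harmless variables that may be inherited from the caller (assumed list). */
static const char *const passthrough[] = { "TERM=", NULL };

/* Build out[] from scratch: keep only passthrough variables from in[], then append
 * the trusted entries. cap must be at least 3. Returns the count, NULL excluded. */
size_t sanitize_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0, reserve = sizeof trusted / sizeof trusted[0]; /* trusted + NULL */
    for (size_t i = 0; in && in[i]; i++)
        for (size_t p = 0; passthrough[p]; p++)
            if (n + reserve < cap && !strncmp(in[i], passthrough[p], strlen(passthrough[p])))
                out[n++] = in[i];
    for (size_t t = 0; trusted[t]; t++)
        out[n++] = (char *)trusted[t];
    out[n] = NULL;
    return n;
}

/* Start app_process with the rebuilt environment; returns only if execve fails. */
int exec_app_process(char *const argv[], char *const inherited[])
{
    char *clean[MAX_ENV];
    sanitize_env(inherited, clean, MAX_ENV);
    return execve(APP_PROCESS, argv, clean);
}

int main(void)
{
    /* Constructed caller environment overriding the two variables named above. */
    char *hostile[] = { "PATH=/data/local/tmp:/system/bin", "TERM=xterm",
                        "BOOTCLASSPATH=/data/local/tmp/x.jar", NULL };
    char *clean[MAX_ENV];
    sanitize_env(hostile, clean, MAX_ENV);
    for (size_t i = 0; clean[i]; i++)
        puts(clean[i]);
    return 0;
}
```

Because execve is given an absolute path and an explicit environment, neither a caller-controlled PATH nor a caller-controlled BOOTCLASSPATH reaches the program that runs as root.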

II. Android Superuser shell character escape privilege escalation vulnerability

[Affected products]

1. CyanogenMod/ClockWorkMod/Koush Superuser (current versions, including v1.0.2.1)

2. Chainfire SuperSU versions before v1.69
