A breakdown of DoS vulnerabilities in the Android system

ID MYHACK58:62201560262
Type myhack58
Reporter Anonymous
Modified 2015-03-23T00:00:00


0x00 Preface

Some vulnerabilities in the Android system can cause the system to reboot. The reboot is only the visible symptom; these vulnerabilities may also allow elevation of privilege, code execution, and so on. This article uses the reboot symptom as the basis for classification and, somewhat loosely, groups these vulnerabilities together for discussion. It then gives a brief analysis of the cause and nature of each vulnerability, and tries to attach a compiled PoC and an exploit demo video.

0x01 Nexus 5 <=4.4.2 local DoS

Vulnerability overview:

The Nexus 5 ships with a hidden system application used to test network connectivity. In versions before 4.4.3, this application has a large number of exported activities, which can be invoked externally without any permission. One of these exported activities exposes the phone to a DoS attack: invoking it externally makes the phone reboot directly.

Vulnerability impact:

Beyond invoking this component to reboot the system, if a malicious application registers to receive the BOOT_COMPLETED broadcast and sends the appropriate intent to the vulnerable activity component, the phone will reboot in a loop.

Vulnerability details:

Vulnerable application package: com.lge.SprintHiddenMenu

Vulnerable component: com.lge.SprintHiddenMenu.sprintspec.SCRTN. The component is exported and has no permission restrictions. The following command makes the Nexus 5 reboot:

adb shell am start -n com.lge.SprintHiddenMenu/com.lge.SprintHiddenMenu.sprintspec.SCRTN


Vulnerability fix:
