26 matches found
CVE-2014-7953
CVE-2014-7953 describes a race condition in Android 4.4.4’s ActivityManagerService.bindBackupAgent that lets a local user with adb shell execute code as system by coordinating an adb install with a crafted logcat script to force bindBackupAgent to use an ApplicationInfo uid of 1000. The flaw stem...
Android OS 4.4.4 Backup Agent Arbitrary Code Execution Vulnerability
The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system 1000 user or any other valid package. The attack is tested on Android OS 4.4.4. Android backup agent arbitrary code execution...
CVE-2013-6770
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then...
CVE-2013-6770
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then...
Android 4.3 Superuser Root Privilege Escalation Vulnerability
The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root. Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain,...
Android 4.3 Superuser Root Privilege Escalation
Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain, non-default device configurations. Android 4.3 introduced the concept of "restricted profiles," created through the Settings - Users menu. A...