43 matches found
Google Patches More Trouble in Mediaserver
Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar. Once again, critical remote code execution Mediaserver vulnerabilities dominate this month’s patches...
CVE-2016-2430
libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236...
CVE-2016-2420
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620...
CVE-2016-2420
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620...
Design/Logic Flaw
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620...
CVE-2016-2420
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620...
UBUNTU-CVE-2016-2420
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620...
CVE-2016-2420
CVE-2016-2420 affects Android 4.x up to before 4.4.4, where the Debuggerd component fails to ensure the /data/tombstones directory exists via rootdir/init.rc. This can allow a crafted local app to gain privileges and potentially execute arbitrary code, enabling elevation of privilege from system ...
CVE-2016-2420
rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620...
Android Debuggerd Component Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, of which Debuggerd is a component of the system startup process. An elevation of privilege vulnerability exists in the Debuggerd component of Android. A local attacker could exploi...
Android 'Debuggerd' elevation of privilege vulnerability
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. Android 'Debuggerd' has a security vulnerability that allows an attacker to exploit the vulnerability to elevate privileges...
CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
DEBIAN-CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
Code injection
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
UBUNTU-CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
CVE-2016-0807
CVE-2016-0807 affects Android 6.x Debuggerd (get_build_id in elf_utils.cpp) where a crafted ELF Note Desc Size element mishandling enables privilege escalation. Root cause: improper handling in Debuggerd’s ELF note parsing. Impact: high (local attacker). Affected component: Android 6.x Debuggerd....
CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
Google Patches Critical Remotely-exploitable Flaws in Latest Android Update
Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system. In total, there were five "critical" security vulnerabilities fixed in the release along with four "high" severity and one mere...