Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-111389
HistoryJan 06, 2020 - 12:00 a.m.

Google Android Kernel Component CVE-2020-0009 Local Privilege Escalation Vulnerability

2020-01-0600:00:00
Symantec Security Response
www.symantec.com
45
JSON

Description

Google Android is prone to a local privilege escalation vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of a privileged process. This issue is being tracked by Android Bug ID A-142938932.

Technologies Affected

  • Google Android

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of malicious activity such as requests containing suspicious URI sequences. Since the webserver may also log such requests, audit its logs regularly.

Run all software as a nonprivileged user with minimal access rights.
To limit the consequences of a successful exploit, run server processes within a restricted environment using facilities such as chroot or jail.

Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker’s ability to exploit this vulnerability to execute arbitrary code.

Updates are available. Please see the references or vendor advisory for more information.

Related

debiancve 1
zdt 3
packetstorm 1
prion 1
cve 1
ubuntucve 1
nessus 8
openvas 8
slackware 1
osv 1
debian 2
androidsecurity 1
debiancve
debiancve
CVE-2020-0009
2020-01-08 16:15:00
zdt
zdt
Android ashmem Read-Only Bypasses Exploit
2020-01-10 00:00:00
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN Exploit
2020-01-15 00:00:00
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM Exploit
2020-01-14 00:00:00
packetstorm
packetstorm
Android ashmem Read-Only Bypasses
2020-01-10 00:00:00
prion
prion
Memory corruption
2020-01-08 16:15:00
cve
cve
CVE-2020-0009
2020-01-08 16:15:00
ubuntucve
ubuntucve
CVE-2020-0009
2020-01-08 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1920)
2020-09-02 00:00:00
EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443)
2020-11-06 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)
2020-08-28 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1920)
2020-09-04 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-2443)
2020-11-05 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1892)
2020-08-31 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-03-26 23:13:28
osv
osv
linux - security update
2020-06-09 00:00:00
debian
debian
[SECURITY] [DLA 2241-1] linux security update
2020-06-09 21:29:32
[SECURITY] [DLA 2241-2] linux security update
2020-06-10 10:55:44
androidsecurity
androidsecurity
Pixel Update Bulletin—January 2020
2020-01-06 00:00:00
JSON
Related for SMNTC-111389
debiancve1zdt3packetstorm1prion1cve1ubuntucve1nessus8openvas8slackware1osv1debian2androidsecurity1