Open Handset Alliance Android Privilege Escalation Vulnerability

2011-04-21T00:00:00
ID SMNTC-48238
Type symantec
Reporter Symantec Security Response
Modified 2011-04-21T00:00:00

Description

Description

Open Handset Alliance Android is prone to a privilege-escalation vulnerability because it fails to properly handle certain socket messages. Successfully exploiting this issue can allow attackers to corrupt memory and execute arbitrary code with superuser privileges, leading to a complete compromise of the device.

Technologies Affected

  • Open Handset Alliance Android 2.0
  • Open Handset Alliance Android 2.0.1
  • Open Handset Alliance Android 2.1
  • Open Handset Alliance Android 2.1.1
  • Open Handset Alliance Android 2.2
  • Open Handset Alliance Android 2.3
  • Open Handset Alliance Android 2.3.1
  • Open Handset Alliance Android 2.3.2
  • Open Handset Alliance Android 3.0
  • Open Handset Alliance Android

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To limit the potential damage that a successful exploit may achieve, run all nonadministrative software as a regular user with the least amount of privileges required to successfully operate.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Do not allow untrusted users physical access to systems.
Users should not allow unknown or untrusted users to access affected devices.

Vendor updates are available. Please see the references for more information.