Feed aggregator

3.14.39: longterm

Linux Kernel Updates - April 19, 2015 - 3:12am
Version: 3.14.39 (longterm)
Released: 2015-04-19
Source: linux-3.14.39.tar.xz
PGP Signature: linux-3.14.39.tar.sign
Patch: patch-3.14.39.xz (Incremental)
ChangeLog: ChangeLog-3.14.39

3.19.5: stable

Linux Kernel Updates - April 19, 2015 - 3:11am
Version: 3.19.5 (stable)
Released: 2015-04-19
Source: linux-3.19.5.tar.xz
PGP Signature: linux-3.19.5.tar.sign
Patch: patch-3.19.5.xz (Incremental)
ChangeLog: ChangeLog-3.19.5

CVE-2014-7953 Android backup agent code execution

BugTraq Latest Security Advisories - April 17, 2015 - 9:55am

Posted by Imre RAD on Apr 17

Android backup agent arbitrary code execution
---------------------------------------------

The Android backup agent implementation was vulnerable to privilege
escalation and a race condition. An attacker with adb shell access could
run arbitrary code as the system (1000) user (or any other valid
package). The attack is tested on Android OS 4.4.4.

The main problem is inside the bindBackupAgent method in the
ActivityManagerService.
This method is...

CVE-2014-7951 adb backup archive path traversal file overwrite

BugTraq Latest Security Advisories - April 17, 2015 - 9:45am

Posted by Imre RAD on Apr 17

ADB backup archive path traversal file overwrite
------------------------------------------------

Using adb one can create a backup of his/her Android device and store it
on the PC. The backup archive is based on the tar file format.

By modifying tar headers to contain ../../ like patterns it is possible
to overwrite files owned by the system user on writeable partitions.

An example pathname in the tar header:...

CVE-2014-7954 MTP path traversal vulnerability in Android

BugTraq Latest Security Advisories - April 17, 2015 - 9:37am

Posted by Imre RAD on Apr 17

MTP path traversal vulnerability in Android 4.4
-----------------------------------------------

The doSendObjectInfo() method of the MtpServer class implemented in
frameworks/av/media/mtp/MtpServer.cpp does not validate the name
parameter of the incoming MTP packet at all.

It is possible to upload files outside of the sdcard using a specially
crafted MTP request:

root@testpc:~/mtp-test# ./mtp-mysend sdf.txt \...