CVE-2011-1149

Severity Level: Medium
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:

• Ashmembrk.A

Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2011-1149

Details or analysis:

This exploit attempts to gain root privilege of the affected Android device via neutering the Android property service.

Android versions prior to 2.3 do not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges. Related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

Reference:

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1149
• http://c-skills.blogspot.com/2011/01/adb-trickery-again.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1149