CVE-2011-1149 - OpenCVE

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android::::::::
	cpe:2.3:o:google:android:1.5:::::::*
	cpe:2.3:o:google:android:1.6:::::::*
	cpe:2.3:o:google:android:2.1:::::::*
	cpe:2.3:o:google:android:2.2:rev1::::::
	cpe:2.3:o:google:android:2.2.1:::::::*

No data.

References

Link	Providers
http://android.git.kernel.org/?p=kernel/common.git%3Ba=commit%3Bh=c98a285075f26e2b17a5baa2cb3eb6356a75597e
http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=25b15be9120bcdaa0aba622c67ad2c835d9e91ca
http://c-skills.blogspot.com/2011/01/adb-trickery-again.html
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2
http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971
https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-04-21T10:00:00

Updated: 2024-08-06T22:14:27.840Z

Reserved: 2011-03-03T00:00:00

Link: CVE-2011-1149

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-04-21T10:55:01.577

Modified: 2023-11-07T02:06:57.583

Link: CVE-2011-1149

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-06T00:00:00", "descriptions": [{"lang": "en", "value": "Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-04-23T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=25b15be9120bcdaa0aba622c67ad2c835d9e91ca"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=kernel/common.git%3Ba=commit%3Bh=c98a285075f26e2b17a5baa2cb3eb6356a75597e"}, {"tags": ["x_refsource_MISC"], "url": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2"}, {"tags": ["x_refsource_MISC"], "url": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca"}, {"name": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971", "refsource": "CONFIRM", "url": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971"}, {"name": "http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e"}, {"name": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html", "refsource": "MISC", "url": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html"}, {"name": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2", "refsource": "MISC", "url": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2"}, {"name": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2", "refsource": "MISC", "url": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.840Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=25b15be9120bcdaa0aba622c67ad2c835d9e91ca"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=kernel/common.git%3Ba=commit%3Bh=c98a285075f26e2b17a5baa2cb3eb6356a75597e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1149", "datePublished": "2011-04-21T10:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2024-08-06T22:14:27.840Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "77160929-9B5D-48C9-8C7D-3B3DF618EC34", "versionEndIncluding": "2.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C354829-6BEB-4C67-972A-60367073753C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "702B40EB-76BC-4686-A46E-D02DBE3A86E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A33DBF65-09A6-4149-BABE-2FFFBF10C31D", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "D1755B91-1B6B-4A9E-BB6B-22B399A6DD02", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A92E88F-CCED-41D7-AFB7-CE1F9265E546", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK."}, {"lang": "es", "value": "Android anterior a v2.3 no restringe de forma adecuada el acceso al espacio de propiedad del sistema, lo que permite a las aplicaciones locales evitar los privilegios de recinto de seguridad de aplicaciones y obtener privilegios, como lo demuestra psneuter y KillingInTheNameOf, relacionado con el uso de la memoria compartida Android (ashmem) y ASHMEM_SET_PROT_MASK."}], "id": "CVE-2011-1149", "lastModified": "2023-11-07T02:06:57.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-21T10:55:01.577", "references": [{"source": "secalert@redhat.com", "url": "http://android.git.kernel.org/?p=kernel/common.git%3Ba=commit%3Bh=c98a285075f26e2b17a5baa2cb3eb6356a75597e"}, {"source": "secalert@redhat.com", "url": "http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=25b15be9120bcdaa0aba622c67ad2c835d9e91ca"}, {"source": "secalert@redhat.com", "url": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2"}, {"source": "secalert@redhat.com", "url": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}