Thanks for the answer. I could see the change in both Gingerbread's/Froyo's t-o-t's and hope that it will be tagged as a production release soon.

Oleg.
On Jan 1, 8:22 am, Nick Kralevich <[email protected]> wrote:
> CVE-2011-3874 (aka "ZergRush") has already been backported to Android 2.2
> and Android 2.3, and is available in the tip-of-tree git repository for
> each of those branches. Please see
> http://code.google.com/p/android/issues/detail?id=21681 for patch details.
>
> In addition, our Android Compatibility Test Suite (CTS)
> <http://source.android.com/compatibility/overview.html> has been
> modified to detect this vulnerability. New Android devices,
> regardless of version number, cannot pass our compatibility tests without
> having fixed this bug.
>
> -- Nick
>
> On Sat, Dec 31, 2011 at 12:01 PM, Oleg Gryb <[email protected]> wrote:
> > Hello Android Security,
> >
> > I've just had an interesting conversation with +Jean-Baptiste Queru
> > and +Dianne Hackborn at G+ (https://plus.google.com/112218872649456413744/posts/dFmpbxfpkfN)
> > and JBQ's advice was to discuss it here.
> >
> > I wanted to ask you if you plan to back-port that privilege escalation
> > bug that is being successfully exploited by zergRush and could
> > definitely be used by others for less noble purposes than device
> > rooting.
> >
> > It exploits the buffer overflow possibility in the
> > system/core/libsysutils/src/FrameworkListener.cpp module, where limits
> > are not enforced for the following array:
> > char *argv[FrameworkListener::CMD_ARGS_MAX];
> >
> > I could see that the bug has been fixed in ICS:
> >
> > *** ../android-4.0/system/core/libsysutils/src/FrameworkListener.cpp 2011-12-11 19:54:29.000000000 -0800
> > --- system/core/libsysutils/src/FrameworkListener.cpp 2011-12-31 11:15:11.000000000 -0800
> > .... skipped ...
> > - *q = '\0';
> > - if (argc >= CMD_ARGS_MAX)
> > - goto overflow;
> > .... skipped ...
> >
> > JBQ has also mentioned that it might've been back-ported to 2.2.3 and
> > 2.3.7, but I've just checked both of them and didn't find the change.
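Review bot: the fragment shows the guard `if (argc >= CMD_ARGS_MAX) goto overflow;` in front of one store into argv[], but the context on both sides is elided ("skipped"), so these lines alone cannot show whether every place that fills argv[] in the command parser is covered by the same check; when checking a 2.2/2.3 tree for the backport, compare each argv[] write site against the ICS file rather than searching for this one hunk only. Note also the diff direction: `*** ../android-4.0/...` is the first operand, so the `-` lines are code present in ICS and absent from the tree it is compared against, i.e. the fix, not a removal.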
> > Please let me know if you have any plans for back-porting that.
> >
> > Thanks & Have a Happy New Year,
> > Oleg.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Android Security Discussions" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to [email protected].
> > For more options, visit this group at
> > http://groups.google.com/group/android-security-discuss?hl=en.
>
> --
> Nick Kralevich | Android Security | [email protected] | 650.214.4037
