Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Mar 2014 08:53:23 +1100
From: dawgystyle@...hmail.com
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites

Title: Uhuru Mobile Davfi Multiple VulnerabilitiesProduct: Uhuru
MobileEnterprise: Nov'IT
Hello,
Multiple vulnerabilities were found in the Uhuru Mobile ROM. These
vulnerabilities were detailed in a blogpost [1].
Vulnerability #1 - Whitelist of executable applications
bypass:----------------------------The Android kernel was modified and
"hardened". A feature was implemented to only allow a whitelist of
binaries to be executed. This can be bypassed by using, for example,
the LD_PRELOAD environment variable.
Vulnerability #2 - Embedded kernel vulnerable to CVE-2013-6282 (local
root)----------------------------The embedded Android kernel version
is 3.4.0, which is vulnerable to CVE-2013-6282. This can be exploited
to obtain root rights.
Vulnerability #3 - Embedded kernel vulnerable to CVE-2013-4787 (master
key)----------------------------The embedded Android kernel is
vulnerable to CVE-2013-4787. This can be exploited to bypass the APK
signature system of Android.
Vulnerability #4 - Local escape shell
vulnerability----------------------------When the phone is encrypted,
it uses the passcode entered by the user to decrypt/encrypt files. The
passcode entered by the user is executed as root inside a shell
command without being filtered. An attacker just have to reboot the
phone, and once the phone asks for the passcode, enter the payload aka
s/Please enter your passcode/Please enter your payload/ . This can be
exploited to gain local code execution as root.
Eric Filiol, the main creator of the project, responded [2] (in
french) to the reported vulnerabilities.
Refs:[1]
http://esec-lab.sogeti.com/post/A-quick-security-review-of-the-Uhuru-Mobile-demo-ROM[2]
https://www.davfi.fr/news/News_2014_03_21.pdf?b=ull&sh=it&over=flow
Can a CVE be assigned for these vulnerabilities ?Thanks.
Antoine de Gaulle,Securely sent using SMS Perseus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ