PT-2011-2906 · Google · Android

Published

2011-04-21

Updated

2011-04-23

CVE-2011-1149

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions prior to 2.3

Description The issue allows local applications to bypass the application sandbox and gain privileges due to improper access restriction to the system property space. This is related to the use of Android shared memory (ashmem) and ASHMEM SET PROT MASK.

Recommendations For Android versions prior to 2.3, consider restricting access to the system property space to prevent local applications from bypassing the application sandbox and gaining privileges. As a temporary workaround, consider disabling the use of ashmem and ASHMEM SET PROT MASK until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-1149

Affected Products

Android

PT-2011-2906 · Google · Android

CVE-2011-1149

Weakness Enumeration

Related Identifiers

Affected Products

References · 10