Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0606

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2009-0606
Last Modified 26 Feb 2009 02:07:58
Published 17 Feb 2009 12:30:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0606

Summary

The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly a related issue to CVE-2002-0820.

Vulnerable Systems

Application

  • Openhandsetalliance Android Sdk 1.0


References

XF - android-dynamic-linker-privilege-escalation(48840)

BID - 33695

BUGTRAQ - 20090208 rooting your own phone: android security


Last Updated: 27 May 2016 10:50:18