CVE-2014-7953 Information
Feb 14, 2021
Description
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk and simultaneously running a crafted script that processes logcat’s output looking for a dexopt line; once that line is found, the script should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
http://seclists.org/fulldisclosure/2015/Apr/52
http://www.securityfocus.com/archive/1/535296/100/1100/threaded
http://www.securityfocus.com/bid/74213
https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b5E!/
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.0
Base Severity
HIGH