package fuzion24.device.vulnerability.vulnerabilities.kernel;
import android.content.Context;
import java.util.ArrayList;
import java.util.List;
import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
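/**
 * Device-side check for CVE-2011-1149.
 *
 * <p>Per the public CVE record and the references listed further down, the issue concerns
 * Android shared memory (ashmem). The verdict itself is produced by the native routine
 * {@link #checkASHMemMap()} in the {@code cve-2011-1149} library; its implementation is not
 * part of this file, so nothing here describes how the probe works.
 *
 * <p>The native library is loaded in the static initializer, so merely initializing this class
 * on a device that does not ship the library raises {@link UnsatisfiedLinkError}.
 * NOTE(review): presumably callers consult {@link #getSupportedArchitectures()} before running
 * the test; confirm against the test runner.
 */
public class CVE_2011_1149 implements VulnerabilityTest {

    /** Native return code meaning the device is not affected. */
    private static final int RESULT_NOT_VULNERABLE = 0;

    /** Native return code meaning the device is affected. */
    private static final int RESULT_VULNERABLE = 1;

    static {
        // Must succeed before checkASHMemMap() can be bound.
        System.loadLibrary("cve-2011-1149");
    }

    /**
     * Lists the CPU architectures this test declares support for.
     *
     * @return a new mutable list containing {@code CPUArch.ARM} and {@code CPUArch.ARM7}
     */
    @Override
    public List<CPUArch> getSupportedArchitectures() {
        List<CPUArch> supported = new ArrayList<>(2);
        supported.add(CPUArch.ARM);
        supported.add(CPUArch.ARM7);
        return supported;
    }

    /*
     Fixes:
         https://android.googlesource.com/kernel/common/+/c98a285075f26e2b17a5baa2cb3eb6356a75597e
         https://android.googlesource.com/platform/system/core/+/25b15be9120bcdaa0aba622c67ad2c835d9e91ca
     Discussion:
         https://groups.google.com/forum/#!topic/android-security-discuss/Ffl2WMiNaCc
     Exploits:
         http://c-skills.blogspot.com/2011/01/adb-trickery-again.html
         https://github.com/tmzt/g2root-kmod/blob/master/scotty2/psneuter/psneuter.c
     Other:
         https://github.com/ucam-cl-dtg/android-com.device.vulnerability.vulnerabilities/blob/master/input/com.device.vulnerability.vulnerabilities/KillingInTheNameOf_psneuter_ashmem.json
         http://www.cvedetails.com/cve/CVE-2011-1149/
    */

    /**
     * Returns the identifier under which this test's result is reported.
     *
     * @return the literal string {@code "CVE-2011-1149"}
     */
    @Override
    public String getCVEorID() {
        return "CVE-2011-1149";
    }

    /**
     * Runs the native check and maps its return code to a verdict.
     *
     * <p>Any code other than 0 or 1 is treated as a failed run and reported by exception, so an
     * inconclusive probe is never reported as "not vulnerable".
     *
     * @param context Android context; not used by this test
     * @return {@code false} when the native check returns 0, {@code true} when it returns 1
     * @throws Exception when the native check returns any other value; the message carries the
     *     raw return code so that failed runs can be told apart in reports
     */
    @Override
    public boolean isVulnerable(Context context) throws Exception {
        final int checkVal = checkASHMemMap();
        switch (checkVal) {
            case RESULT_NOT_VULNERABLE:
                return false;
            case RESULT_VULNERABLE:
                return true;
            default:
                //TODO: grab more information about failure, errno and error string
                throw new Exception(
                        "Error running test (checkASHMemMap returned " + checkVal + ")");
        }
    }

    /**
     * Native probe implemented in the {@code cve-2011-1149} library.
     *
     * @return 0 or 1 as interpreted by {@link #isVulnerable(Context)}; any other value is
     *     handled there as an error
     */
    private native int checkASHMemMap();
}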