lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20141020062103.GB5077@pc.thejh.net>
Date: Mon, 20 Oct 2014 08:21:03 +0200
From: Jann Horn <jann@...jh.net>
To: fulldisclosure@...lists.org
Cc: l.tuskington@...il.com
Subject: Re: [FD] CVE request: remote code execution in Android CTS

On Sun, Oct 19, 2014 at 07:28:33PM +1000, Lord Tuskington wrote:
> CTS parses api-coverage.xsl without providing the FEATURE_SECURE_PROCESSING
> option. See lines 60-67 of
> cts/tools/cts-api-coverage/src/com/android/cts/apicoverage/HtmlReport.java:
> 
> InputStream xsl =
> CtsApiCoverage.class.getResourceAsStream("/api-coverage.xsl");

Is this file on the android device or on the PC?


>        <xsl:variable name="Command"><![CDATA[calc.exe]]></xsl:variable>

This causes calc.exe to be run on the PC, right?

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ