Vulnerability Name:

CVE-2014-7911 (CCN-98801)

Assigned:2014-11-19
Published:2014-11-19
Updated:2014-12-16
Summary:luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2014-7911

Source: CCN
Type: Full Disclosure Mailing List, Wed, 19 Nov 2014 02:31:15 +0100
CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream

Source: FULLDISC
Type: Exploit
20141119 CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream

Source: CCN
Type: BID-71176
Google Android CVE-2014-7911 Local Privilege Escalation Vulnerability

Source: CCN
Type: Google Source Web site
ObjectInputStream

Source: CONFIRM
Type: Vendor Advisory
https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2

Source: XF
Type: UNKNOWN
google-android-cve20147911-priv-esc(98801)

Source: CCN
Type: Packet Storm Security [11-19-2014]
Android Privilege Escalation

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-7911

Vulnerable Configuration:Configuration 1:
  • cpe:/o:google:android:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:1.6:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.2:rev1:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3:rev1:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:3.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:*:*:*:*:*:*:*:* (Version <= 4.4.4)

    • Configuration CCN 1:
  • cpe:/o:google:android:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:4.2.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google android 1.0
    google android 1.1
    google android 1.5
    google android 1.6
    google android 2.0
    google android 2.0.1
    google android 2.1
    google android 2.2
    google android 2.2 rev1
    google android 2.2.1
    google android 2.2.2
    google android 2.2.3
    google android 2.3
    google android 2.3 rev1
    google android 2.3.1
    google android 2.3.2
    google android 2.3.3
    google android 2.3.4
    google android 2.3.5
    google android 2.3.6
    google android 2.3.7
    google android 3.0
    google android 3.1
    google android 3.2
    google android 3.2.1
    google android 3.2.2
    google android 3.2.4
    google android 3.2.6
    google android 4.0
    google android 4.0.1
    google android 4.0.2
    google android 4.0.3
    google android 4.0.4
    google android 4.1
    google android 4.1.2
    google android 4.2
    google android 4.2.1
    google android 4.2.2
    google android 4.3
    google android 4.3.1
    google android 4.4
    google android 4.4.1
    google android 4.4.2
    google android 4.4.3
    google android *
    google android 3.0
    google android 4.3
    google android 4.4
    google android 4.3.1
    google android 4.2.1
    google android 4.2.2