Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-7911 PoC — Android 权限许可和访问控制漏洞

Source
https://github.com/retme7/CVE-2014-7911_poc
Associated Vulnerability
Title:Android 权限许可和访问控制漏洞 (CVE-2014-7911)
Description:Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。 Android 5.0.0之前版本的java.io.ObjectInputStream实现中的luni/src/main/java/java/io/ObjectInputStream.java文件存在安全漏洞,该漏洞源于程序没有检查反序列化的对象是否可以序列化。攻击者可借助序列化对象的finalize方
Description
Local root exploit for Nexus5 Android 4.4.4(KTU84P)
Readme
# CVE-2014-7911_poc
Local root exploit for Nexus5 Android 4.4.4(KTU8P)

author:  retme  (retme7@gmail.com)

@returnsme on twitter & @retme on weibo

website: retme.net

# how to build

Import the project into eclipse,and build.

./cve20147911/assets/msmattack is the binary file of CVE-2014-4322 exploit.You can find it here: https://github.com/retme7/CVE-2014-4322_poc


# bug info

http://seclists.org/fulldisclosure/2014/Nov/51

# analysis

http://researchcenter.paloaltonetworks.com/2015/01/cve-2014-7911-deep-dive-analysis-android-system-service-vulnerability-exploitation
File Snapshot

 [4.0K]  /data/pocs/550f9da0e967fc70c2b8e96fae19e1865e6eea12
├── [4.0K]  cve20147911
│   ├── [ 882]  AndroidManifest.xml
│   ├── [4.0K]  assets
│   │   └── [ 13K]  msmattack
│   ├── [4.0K]  bin
│   │   ├── [ 882]  AndroidManifest.xml
│   │   ├── [4.0K]  classes
│   │   │   ├── [4.0K]  AAdroid
│   │   │   │   └── [4.0K]  os
│   │   │   │       └── [ 460]  BinderProxy.class
│   │   │   └── [4.0K]  c
│   │   │       └── [4.0K]  v
│   │   │           └── [4.0K]  e
│   │   │               ├── [ 319]  BuildConfig.class
│   │   │               ├── [ 675]  MainActivity$1.class
│   │   │               ├── [3.2K]  MainActivity$2.class
│   │   │               ├── [9.8K]  MainActivity.class
│   │   │               ├── [ 301]  R$attr.class
│   │   │               ├── [ 422]  R$dimen.class
│   │   │               ├── [ 368]  R$drawable.class
│   │   │               ├── [ 379]  R$id.class
│   │   │               ├── [ 364]  R$layout.class
│   │   │               ├── [ 433]  R$string.class
│   │   │               └── [ 475]  R.class
│   │   ├── [808K]  classes.dex
│   │   ├── [320K]  cve201479xx.apk
│   │   ├── [4.0K]  dexedLibs
│   │   │   └── [267K]  android-support-v4-d251224c5724ea4b6c5d402462916368.jar
│   │   ├── [ 120]  jarlist.cache
│   │   ├── [4.0K]  res
│   │   │   └── [4.0K]  crunch
│   │   │       ├── [4.0K]  drawable-hdpi
│   │   │       │   └── [5.8K]  ic_launcher.png
│   │   │       ├── [4.0K]  drawable-mdpi
│   │   │       │   └── [3.0K]  ic_launcher.png
│   │   │       ├── [4.0K]  drawable-xhdpi
│   │   │       │   └── [9.1K]  ic_launcher.png
│   │   │       └── [4.0K]  drawable-xxhdpi
│   │   │           └── [ 17K]  ic_launcher.png
│   │   └── [ 46K]  resources.ap_
│   ├── [4.0K]  gen
│   │   └── [4.0K]  c
│   │       └── [4.0K]  v
│   │           └── [4.0K]  e
│   │               ├── [ 147]  BuildConfig.java
│   │               └── [1.3K]  R.java
│   ├── [ 50K]  ic_launcher-web.png
│   ├── [4.0K]  libs
│   │   └── [741K]  android-support-v4.jar
│   ├── [ 781]  proguard-project.txt
│   ├── [ 607]  project.properties
│   ├── [4.0K]  res
│   │   ├── [4.0K]  drawable-hdpi
│   │   │   └── [7.5K]  ic_launcher.png
│   │   ├── [4.0K]  drawable-mdpi
│   │   │   └── [3.7K]  ic_launcher.png
│   │   ├── [4.0K]  drawable-xhdpi
│   │   │   └── [ 12K]  ic_launcher.png
│   │   ├── [4.0K]  drawable-xxhdpi
│   │   │   └── [ 24K]  ic_launcher.png
│   │   ├── [4.0K]  layout
│   │   │   └── [ 996]  activity_main.xml
│   │   ├── [4.0K]  values
│   │   │   ├── [ 213]  dimens.xml
│   │   │   ├── [ 221]  strings.xml
│   │   │   └── [  27]  styles.xml
│   │   └── [4.0K]  values-w820dp
│   │       └── [ 373]  dimens.xml
│   └── [4.0K]  src
│       ├── [4.0K]  AAdroid
│       │   └── [4.0K]  os
│       │       └── [ 240]  BinderProxy.java
│       └── [4.0K]  c
│           └── [4.0K]  v
│               └── [4.0K]  e
│                   └── [ 18K]  MainActivity.java
└── [ 578]  README.md

35 directories, 42 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.