Vulnerability identifier: #VU34818

Vulnerability risk: Medium

CVSSv3.1: 4.4 [AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:U/RC:C]

CVE-ID: CVE-2014-7951

CWE-ID: CWE-22

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Google Android
Operating systems & Components / Operating system

Vendor: Google

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the Android debug bridge (aka adb) in Android 4.0.4. A remote authenticated attacker can send a specially crafted HTTP request and physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a . (dot dot) in the tar archive headers.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Google Android: 4.0.4

---

External links
http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html
http://seclists.org/fulldisclosure/2015/Apr/51
http://www.securityfocus.com/bid/74211
http://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E!/#F0
http://www.exploit-db.com/exploits/36813/

---

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.