Issue #1311

closed

Android KeyStore Stack Buffer Overflow - CVE-2014-3100

Added by My Self about 9 years ago. Updated about 9 years ago.

Status: Rejected
Priority: High
Category: Security
Start date: 03/30/2015
% Done: 100%
Resolution: invalid

Description

Replicant seems not to be affected by the vulnerability, as listed here: http://redmine.replicant.us/boards/39/topics/8283?r=10425#message-10425
More details: https://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/
But why not add the "test for keystore crashing" patch anyway?

Solution/Patches
AOSP patch: https://android.googlesource.com/platform/cts/+/cb35803


Files

CVE-2014-3100.zip (2.96 KB) CVE-2014-3100.zip My Self, 08/26/2015 11:42 AM
#1

Updated by My Self about 9 years ago

  • File CVE-2014-3100.zip added

I've applied the patch "Test-for-keystore-crashing-due-to-malformed-names.patch" to my local Replicant sources.

Additionally, I [git add]ed these files at the following paths:
  • tests/tests/security/src/android/security/cts/KeystoreExploitTest.java
  • tests/tests/security/src/android/security/cts/Proc.java

Because of this, I provide this patch as a zipped patchset, "CVE-2014-3100.zip", which is attached.

Replicant <= 4.2 should not be affected by this vulnerability, but I would recommend applying this CTS "test for keystore crashing" patch anyway.

After merging this patch I recompiled and reflashed Replicant 4.2 for my device without any misbehavior, and have now been testing the functionality for several hours.

@everyone: please review the patches and apply them if you like.

#2

Updated by My Self about 9 years ago

  • % Done changed from 0 to 100
#3

Updated by My Self about 9 years ago

  • File deleted (CVE-2014-3100.zip)
#5

Updated by Paul Kocialkowski about 9 years ago

Well, since this only impacts the CTS, it won't benefit users in any way. Since I'd like to keep the diff between Replicant and CM to a minimum, perhaps we could consider dropping this?

#6

Updated by My Self about 9 years ago

In consideration of the fact that Replicant (4.2) isn't vulnerable to this (CVE-2014-3100), I could live with dropping this (fully CTS-related) patch.
Well, it was worth an offer :)

#7

Updated by Paul Kocialkowski about 9 years ago

  • Status changed from New to Rejected
  • Resolution set to invalid