CVE-2018-6597

The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alcatel:a30_firmware:7.0:*:*:*:*:*:*:*
cpe:2.3:h:alcatel:a30:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:10

Type Values Removed Values Added
References () https://www.kryptowire.com/portal/android-firmware-defcon-2018/ - Third Party Advisory () https://www.kryptowire.com/portal/android-firmware-defcon-2018/ - Third Party Advisory

Information

Published : 2018-08-29 19:29

Updated : 2024-11-21 04:10


NVD link : CVE-2018-6597

Mitre link : CVE-2018-6597

CVE.ORG link : CVE-2018-6597


JSON object : View

Products Affected

alcatel

  • a30_firmware
  • a30