Defy republic init_runit

CVE numbers: CVE-2013-4777 [CVE-2013-4777], CVE-2013-5933 [CVE-2013-5933]
Coordinated disclosure?: true
Categories: permissions
Details: A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. [CVE-2013-4777] Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. [CVE-2013-5933]
Discovered by: Justin Case [plus-jcase-defy-republic] on: 2013-07-09 [plus-jcase-defy-republic]
Reported on: 2013-09-24 [plus-jcase-defy-republic]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 2.3.7 [citation-needed] regex:
Affected devices: Defy Xt on Republic Wireless [CVE-2013-4777]
Affected manufacturers: Motorola [citation-needed]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-06; by: Laurent Simon, on: 2013-10-07

AndroidVulnerabilities.org