Native-layer vulnerability list [OSVDB] (19)


Android contains a flaw in the addJavascriptInterface method in the WebView class. The issue is triggered when viewing web content. This may allow a context-dependent attacker to gain access to arbitrary Java methods.


Android_Pusher Library for Android contains a flaw related to domain name validation during certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow a man-in-the-middle attacker to spoof SSL servers via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream.


Google Android is vulnerable to a DNS cache poisoning weakness that is triggered when the wrapper fails to randomly acquire a port with its own DNS port implementation. After failing to do so ten times, it falls back to the res_randomid() function of res_init.c to complete the task. This function draws the port from a predictable set of numbers, which may make it easier for a remote attacker to poison the DNS cache of a target user.


Android contains a flaw in the SQLite database that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the program creating journal files in directories with insecure world-readable permissions. This may allow a local attacker to gain access to sensitive information stored in journal files.


Android contains a flaw that may allow a local denial of service. This issue is triggered when fork requests from processes with arbitrary UIDs are accepted by the Zygote process. This may allow a local attacker to cause a loss of availability for the device.


Android contains a flaw that is triggered when the built-in factory reset feature fails to properly remove all information from the system, whether run from the recovery console or from within the running system. This may allow a physically present attacker to gain access to potentially sensitive information from a locked device by first performing a factory reset and then recovering the information.

