当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-039885

漏洞标题:雪球android客户端3.1.1本地拒绝服务漏洞

相关厂商:雪球

漏洞作者: Bincker

提交时间:2013-10-16 12:01

修复时间:2014-01-14 12:02

公开时间:2014-01-14 12:02

漏洞类型:拒绝服务

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-10-16: 细节已通知厂商并且等待厂商处理中
2013-10-16: 厂商已经确认,细节仅向厂商公开
2013-10-19: 细节向第三方安全合作伙伴开放
2013-12-10: 细节向核心白帽子及相关领域专家公开
2013-12-20: 细节向普通白帽子公开
2013-12-30: 细节向实习白帽子公开
2014-01-14: 细节向公众公开

简要描述:

雪球android客户端3.1.1本地拒绝服务漏洞

详细说明:

雪球android客户端3.1.1本地拒绝服务漏洞
存在可被外部程序调用的2个activity.

漏洞证明:

com.xueqiu.android.view.SBTAuthView
com.xueqiu.android.view.StockDetailActivity
该两个activity可被外部程序调用,导致进程crash
Dos vulnerability

I/WindowManager(   77): createSurface Window{416a0c18  paused=false}: DRAW NOW PENDING
W/ActivityManager(   77): Activity pause timeout for ActivityRecord{415ef860 com.xueqiu.android/.view.StockDetailActivity}
W/ActivityManager(   77): Launch timeout has expired, giving up wake lock!
W/ActivityManager(   77): Activity idle timeout for ActivityRecord{415d5bd0 com.xueqiu.android/.view.FindPeopleFromWeiBoActivity}
W/ActivityManager(   77): Activity destroy timeout for ActivityRecord{4165f8c0 com.xueqiu.android/.view.AccountBindingActivity}
W/ActivityManager(   77): Activity destroy timeout for ActivityRecord{415ef860 com.xueqiu.android/.view.StockDetailActivity}
D/dalvikvm(   77): GC_CONCURRENT freed 499K, 17% free 12928K/15431K, paused 6ms+8ms
I/Process ( 1183): Sending signal. PID: 1183 SIG: 9
I/ActivityManager(   77): Process com.xueqiu.android (pid 1183) has died.
W/ActivityManager(   77): Scheduling restart of crashed service com.xueqiu.android/.pn.MessageRecieverService in 5000ms
W/ActivityManager(   77): Force removing ActivityRecord{415d5bd0 com.xueqiu.android/.view.FindPeopleFromWeiBoActivity}: app died, no saved state
I/WindowManager(   77): WIN DEATH: Window{416d86a8 com.xueqiu.android/com.xueqiu.android.view.AccountBindingActivity paused=true}
W/NetworkManagementSocketTagger(   77): setKernelCountSet(10044, 0) failed with errno -2
I/WindowManager(   77): WIN DEATH: Window{415de9b0 com.xueqiu.android/com.xueqiu.android.view.FindPeopleFromWeiBoActivity paused=false}
W/NetworkManagementSocketTagger(   77): setKernelCountSet(10005, 1) failed with errno -2
I/WindowManager(   77): createSurface Window{416da608 com.android.launcher/com.android.launcher2.Launcher paused=false}: DRAW NOW PENDING
W/InputManagerService(   77): Got RemoteException sending setActive(false) notification to pid 1183 uid 10044
I/WindowManager(   77): createSurface Window{4163b750  paused=false}: DRAW NOW PENDING
I/ActivityManager(   77): Start proc com.xueqiu.android for service com.xueqiu.android/.pn.MessageRecieverService: pid=1215 uid=10044 gids={3003, 1015, 1007}
D/dalvikvm( 1215): GC_CONCURRENT freed 185K, 3% free 10168K/10439K, paused 3ms+4ms


xueqiu1.png


xueqiu2.png

修复方案:

禁止外部调用该两个activity
在manifest.xml中静态注册时阻止外部调用,设置为android:exported="false"

版权声明:转载请注明来源 Bincker@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:3

确认时间:2013-10-16 14:20

厂商回复:

感谢白帽子,这是上次修改不完善遗留下来的问题,虽然不会造成重要的隐私数据丢失,但是还是很好的给我们提了醒,需要认真对待每一个细节。

最新状态:

2013-10-21:已经修复

漏洞评价:

评论