CWE-926 Android应用程序组件导出不当
Improper Export of Android Application Components
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
扩展描述
The attacks and consequences of improperly exporting a component may depend on the exported component:
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 285 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 285 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
Paradigm: {'cwe_Name': 'Mobile', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Availability', 'Integrity'] | ['Unexpected State', 'DoS: Crash, Exit, or Restart', 'DoS: Instability', 'Varies by Context'] | Other applications, possibly untrusted, can launch the Activity. |
| ['Availability', 'Integrity'] | ['Unexpected State', 'Gain Privileges or Assume Identity', 'DoS: Crash, Exit, or Restart', 'DoS: Instability', 'Varies by Context'] | Other applications, possibly untrusted, can bind to the Service. |
| ['Confidentiality', 'Integrity'] | ['Read Application Data', 'Modify Application Data'] | Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider. |
可能的缓解方案
Build and Compilation
策略: Attack Surface Reduction
If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
Build and Compilation
策略: Attack Surface Reduction
If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
['Build and Compilation', 'Architecture and Design']
策略: Attack Surface Reduction
Limit Content Provider permissions (read/write) as appropriate.
['Build and Compilation', 'Architecture and Design']
策略: Separation of Privilege
Limit Content Provider permissions (read/write) as appropriate.
示例代码
例
This application is exporting an activity and a service in its manifest.xml:
bad XML
...
...
...
...
Because these components have intent filters but have not explicitly set 'android:exported=false' elsewhere in the manifest, they are automatically exported so that any other application can launch them. This may lead to unintended behavior or exploits.
例
This application has created a content provider to enable custom search suggestions within the application:
bad XML
android:authorities="com.example.vulnerableApp.searchDB">
Because this content provider is only intended to be used within the application, it does not need to be exported. However, in Android before 4.2, it is automatically exported thus potentially allowing malicious applications to access sensitive information.
引用
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论