Google Android Operating System < 4.4.0 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8664
SynopsisThe remote device is affected by multiple vulnerabilities.
DescriptionThe Google Android operating system prior to 4.4.0 is affected by the following vulnerabilities:
- There is a flaw in the built-in browser that is due to the improper handling of NULL bytes by the URL parser. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2014-6041)
- There is an overflow condition in the DHCP client daemon 'dhcp.c' that is triggered when handling DHCP options. With a specially crafted ACK packet response, a context-dependent attacker can execute arbitrary code. (CVE-2014-7912)
- There is a flaw in the Bluetooth application stack that is triggered when handling Host Controller Interface commands prior to pairing. This may allow a remote attacker within short range of the device to force pairing and in turn execute arbitrary code. (CVE-2014-7914)
SolutionUpgrade to Google Android operating system version 4.4.0 or later if possible.