Project

General

Profile

Issue #1035

Superuser vulnerabilities - CVE-2013-[6768/6769/6770]

Added by My Self over 6 years ago. Updated over 6 years ago.

Status:
Rejected
Priority:
High
Category:
Security
Target version:
Start date:
11/06/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
invalid
Device:
Grant:
Type of work:

Description

I hope it's a good idea to open a bug ticket about the forum topic: http://redmine.replicant.us/boards/9/topics/6837

Summary
Replicant seems to be vulnerable to several security related superuser issues.
More informations: http://forum.xda-developers.com/showthread.php?t=2525552

I only found one single specific patch:
https://plus.google.com/103583939320326217147/posts/YpJaDwsSPsX
But in the changelog are more fixes "CVE-2013-6768, CVE-2013-6769, CVE-2013-6770" listed:
https://play.google.com/store/apps/details?id=com.koushikdutta.superuser

As mentioned by the user: http://redmine.replicant.us/users/1149 it seems to be a good idea to shift the superuser app out from the com.android.settings and use the (updateble) stand alone version from f-droid:
https://f-droid.org/repository/browse/?fdfilter=superuser&fdid=com.koushikdutta.superuser

Also available in: Atom PDF