Privilege Escalation vulnerability - CVE-2014-7911
I've checked, that Replicant is vulnerable to the Privilege Escalation (using ObjectInputStream), registered as CVE-2014-7911
more informations: http://seclists.org/fulldisclosure/2014/Nov/51
AOSP (5.0) patch: https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2
CM commit: https://github.com/CyanogenMod/android_libcore/commit/2d0fbea07c1a3c4368ddb07609d1a86993ed6de9
Updated by My Self almost 6 years ago
I've tried to modify an existing patch to apply it to the Replicant source code.
I've provided the .patch on the mailing list here:
I've recompiled Replicant 4.2 (with this patch successfully applied before).
After that I've checked that Replicant is not vulnerable anymore to this topic.
Updated by Paul Kocialkowski almost 6 years ago
- Status changed from New to Closed
- Resolution set to fixed