Project

General

Profile

Actions

Issue #1113

closed

Privilege Escalation vulnerability - CVE-2014-7911

Added by My Self almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
12/08/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Description

Description
I've checked, that Replicant is vulnerable to the Privilege Escalation (using ObjectInputStream), registered as CVE-2014-7911
more informations: http://seclists.org/fulldisclosure/2014/Nov/51

Solution
AOSP (5.0) patch: https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2
CM commit: https://github.com/CyanogenMod/android_libcore/commit/2d0fbea07c1a3c4368ddb07609d1a86993ed6de9

Actions #1

Updated by Paul Kocialkowski over 9 years ago

  • Target version changed from 21 to Any version
Actions #2

Updated by My Self over 9 years ago

I've tried to modify an existing patch to apply it to the Replicant source code.

I've provided the .patch on the mailing list here:
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000633.html
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000634.html

I've recompiled Replicant 4.2 (with this patch successfully applied before).
After that I've checked that Replicant is not vulnerable anymore to this topic.

Actions #3

Updated by Paul Kocialkowski over 9 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
Actions

Also available in: Atom PDF