Issue #1143
closedbroadAnyWhere vulnerability - CVE-2014-8609
0%
Description
I've checked, that Replicant is vulnerable to the broadAnyWhere (bug: 17356824), registered as CVE-2014-8609.
More informations: http://seclists.org/fulldisclosure/2014/Nov/81
POC (Proof of Concept): https://www.youtube.com/watch?v=H05-6BoB4ng
Solution
AOSP diff: https://android.googlesource.com/platform/packages/apps/Settings/+/37b58a4
CM commit: https://github.com/CyanogenMod/android_packages_apps_Settings/commit/0d7a9ae528029b5f767136c238b6beff3f400ea0
Updated by Paul Kocialkowski over 9 years ago
- Target version changed from 21 to Any version
Updated by My Self over 9 years ago
I've tried to modify an existing patch to apply it to the Replicant source code.
I've provided the .patch on the mailing list here:
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000633.html
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000634.html
I've recompiled Replicant 4.2 (with this patch successfully applied before).
After that I've checked that Replicant is not vulnerable anymore to this topic.
Updated by My Self over 9 years ago
Wrong links, the right one is: http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000635.html
Updated by Paul Kocialkowski over 9 years ago
- Status changed from New to Closed
- Resolution set to fixed