Project

General

Profile

Actions

Issue #1143

closed

broadAnyWhere vulnerability - CVE-2014-8609

Added by My Self about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
12/28/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Description

I've checked, that Replicant is vulnerable to the broadAnyWhere (bug: 17356824), registered as CVE-2014-8609.
More informations: http://seclists.org/fulldisclosure/2014/Nov/81
POC (Proof of Concept): https://www.youtube.com/watch?v=H05-6BoB4ng

Solution
AOSP diff: https://android.googlesource.com/platform/packages/apps/Settings/+/37b58a4
CM commit: https://github.com/CyanogenMod/android_packages_apps_Settings/commit/0d7a9ae528029b5f767136c238b6beff3f400ea0

Actions #1

Updated by Paul Kocialkowski about 10 years ago

  • Target version changed from 21 to Any version
Actions #2

Updated by My Self about 10 years ago

I've tried to modify an existing patch to apply it to the Replicant source code.

I've provided the .patch on the mailing list here:
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000633.html
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000634.html

I've recompiled Replicant 4.2 (with this patch successfully applied before).
After that I've checked that Replicant is not vulnerable anymore to this topic.

Actions #4

Updated by Paul Kocialkowski about 10 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
Actions

Also available in: Atom PDF