Issue #1143
Closed
broadAnyWhere vulnerability - CVE-2014-8609
Description
I've checked that Replicant is vulnerable to broadAnyWhere (bug: 17356824), registered as CVE-2014-8609.
More information: http://seclists.org/fulldisclosure/2014/Nov/81
POC (Proof of Concept): https://www.youtube.com/watch?v=H05-6BoB4ng
Solution
AOSP diff: https://android.googlesource.com/platform/packages/apps/Settings/+/37b58a4
CM commit: https://github.com/CyanogenMod/android_packages_apps_Settings/commit/0d7a9ae528029b5f767136c238b6beff3f400ea0
Updated by Paul Kocialkowski about 10 years ago
- Target version changed from 21 to Any version
Updated by My Self about 10 years ago
I've tried to modify an existing patch to apply it to the Replicant source code.
I've provided the .patch on the mailing list here:
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000633.html
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000634.html
I've recompiled Replicant 4.2 (with this patch successfully applied beforehand).
After that, I've checked that Replicant is no longer vulnerable to this issue.
Updated by My Self about 10 years ago
Wrong links, the right one is: http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000635.html
Updated by Paul Kocialkowski about 10 years ago
- Status changed from New to Closed
- Resolution set to fixed