Issue #1227
closed
Added by Pep tide over 9 years ago.
Updated about 5 years ago.
Device:
Not device specific
Description
From the lock screen navigate to the Emergency Dialer or Camera app.
adb kill-server; adb shell
will prompt you with a confirmation dialog for ADB accesss.
Occurs even with FDE.
Files
Please propose a patch for fixing this in the current Replicant 4.2 code. If this was not fixed upstream (in either AOSP 4.2 or CyanogenMod 10.1), this is just a inherited problem and if no one is willing to backport a fix, it will stay as-is, just like the webview vulnerability.
- Device Not device specific added
Wolfgang Wiedmeyer wrote:
This was fixed in AOSP 4.4.3, but I could not find a CVE for this issue. The patch was very well hidden, but I eventually found it:
https://android.googlesource.com/platform/frameworks/base/+/1f52437%5E!/
Patch works and I cannot reproduce the bug with the patch applied.
I can't reproduce this bug on Replicant 6.0 0001, which makes sense if upstream AOSP fixed it in 4.4.3. (I didn't try to reproduce it on Replicant 4.2.)
- Status changed from New to Closed
- Resolution set to wontfix
This issue has been closed because Replicant 4.2 is no longer supported or maintained.
Also available in: Atom
PDF