Project

General

Profile

Actions
Copy link

Issue #1113

closed

Privilege Escalation vulnerability - CVE-2014-7911

Added by My Self over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
High
Assignee:
My Self
Category:
Security
Target version:
Any version
Start date:
12/08/2014
Due date:
% Done:

0%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Description

Description
I've checked, that Replicant is vulnerable to the Privilege Escalation (using ObjectInputStream), registered as CVE-2014-7911
more informations: http://seclists.org/fulldisclosure/2014/Nov/51

Solution
AOSP (5.0) patch: https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2
CM commit: https://github.com/CyanogenMod/android_libcore/commit/2d0fbea07c1a3c4368ddb07609d1a86993ed6de9

Actions
Copy link
 #1

Updated by Paul Kocialkowski over 10 years ago

  • Target version changed from 21 to Any version
Actions
Copy link
 #2

Updated by My Self over 10 years ago

I've tried to modify an existing patch to apply it to the Replicant source code.

I've provided the .patch on the mailing list here:
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000633.html
http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150112/000634.html

I've recompiled Replicant 4.2 (with this patch successfully applied before).
After that I've checked that Replicant is not vulnerable anymore to this topic.

Actions
Copy link
 #3

Updated by Paul Kocialkowski over 10 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
Actions
Copy link

Also available in: Atom PDF