Full Disclosure mailing list archives
Re: [oss-security] CVE request: remote code execution in Android CTS
From: Mario Vilas <mvilas () gmail com>
Date: Mon, 20 Oct 2014 16:40:05 +0200
On Mon, Oct 20, 2014 at 4:27 AM, Grond <grond66 () gmail com> wrote:
Is this kind of file ever *intended* to be used as an executable script? If the answer is "no"; then you should apply fixes.
Seems to me like it was. Also, wouldn't a user who can edit those files also be able to, for example, patch the executable files as well? I haven't actually checked the file permissions but it seems like a reasonable assumption. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
- Re: CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
- Re: [oss-security] CVE request: remote code execution in Android CTS Nick Kralevich (Oct 19)
- Re: [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
- Re: [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 22)
- Re: [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
- Re: CVE request: remote code execution in Android CTS Jann Horn (Oct 19)