oss-sec mailing list archives
Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
From: Mario Vilas <mvilas () gmail com>
Date: Mon, 20 Oct 2014 16:40:05 +0200
On Mon, Oct 20, 2014 at 4:27 AM, Grond <grond66 () gmail com> wrote:
Is this kind of file ever *intended* to be used as an executable script? If the answer is "no"; then you should apply fixes.
Seems to me like it was. Also, wouldn't a user who can edit those files also be able to, for example, patch the executable files as well? I haven't actually checked the file permissions but it seems like a reasonable assumption. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Current thread:
- CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
- Re: CVE request: remote code execution in Android CTS Nick Kralevich (Oct 19)
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 20)
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
- Re: CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
- Re: CVE request: remote code execution in Android CTS Nick Kralevich (Oct 19)