Computer Security
[EN] securityvulns.ru
no-pyccku

  

Android UID protection bypass
Published:25.05.2009
Source:BUGTRAQ
SecurityVulns ID:9931
Type:local
Level:4/10
Description:Improper package UID validation allows application to access another application's data.
Affected:ANDROID : Android 1.5
CVE:CVE-2009-1754 (The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.)
Original documentdocumentWill Drewry, [oCERT-2009-006] Android improper package verification when using shared uids (25.05.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru