Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2348

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2009-2348
Last Modified 29 Feb 2012 12:00:00
Published 17 Jul 2009 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2348

Summary

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.

Vulnerable Systems

Operating System

  • Google Android 1.5

Application

  • Android 1.5 Crbxx


References

XF - android-permission-security-bypass(51798)

BID - 35717

BUGTRAQ - 20090716 [oCERT-2009-011] Android improper camera and audio permission verification

MLIST - [oss-security] 20090716 [oCERT-2009-011] Android improper camera and audio permission verification

MISC - http://www.ocert.org/advisories/ocert-2009-011.html

CONFIRM - http://android.git.kernel.org/?p=platform/packages/apps/Camera.git;a=commit;h=e655d54160e5a56d4909f2459eeae9012e9f187f

CONFIRM - http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=7b7225c8fdbead25235c74811b30ff4ee690dc58

CONFIRM - http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=4d8adefd35efdea849611b8b02d61f9517e47760


Last Updated: 27 May 2016 10:58:19