|
Is CVE-2009-1185 relevant for fremantle too
http://cve.mitre.org/cgi-bin/cvename...=CVE-2009-1185 describes that it is possible to get root priviledges from user space by tricking udev < 1.4.1.
The PR 1.2 udev is 0.125-7+142.maemo1+0m5 (definitely < 1.4.1??). So: is it possible to hack the system? Are updates of udev possible? How would Nokia react about generic linux vulnerabilities in future? |
Re: Is CVE-2009-1185 relevant for fremantle too
Serious question, or statement if you will: Does it really matter?
As you said, this is a local exploit. Physical access to the N900 means your data is compromised anyway. I treat my phone like I treat my wallet : ) Nobody touches it except for me. Aside from this, one need only install rootsh, no password required, and you have full system access anyway. |
Re: Is CVE-2009-1185 relevant for fremantle too
Quote:
Let's say you have a chrooted browser that's running under a different user. You'd feel pretty safe from any security problems in the browser, right? If the attacker can also gain root, you're not. |
Re: Is CVE-2009-1185 relevant for fremantle too
This vulnerability is a problem with Android smartphones. There is an app which looks like a coool wallpaper collection (downloaded very often). This app uses the vulnerability to send sensitive data home (to china). Source blackhat/Spiegel http://www.spiegel.de/netzwelt/web/0...9355-3,00.html (german, sorry), http://g3la.de/37 and others. The app works lokal :-(
|
| All times are GMT. The time now is 10:58. |
vBulletin® Version 3.8.8