CVE-2009-2348 - OpenCVE

Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760
http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58
http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f
http://www.ocert.org/advisories/ocert-2009-011.html
http://www.openwall.com/lists/oss-security/2009/07/16/4
http://www.securityfocus.com/archive/1/505012/100/0/threaded
http://www.securityfocus.com/bid/35717
https://exchange.xforce.ibmcloud.com/vulnerabilities/51798

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-17T16:00:00

Updated: 2024-08-07T05:44:56.000Z

Reserved: 2009-07-07T00:00:00

Link: CVE-2009-2348

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-07-17T16:30:00.953

Modified: 2023-11-07T02:04:06.660

Link: CVE-2009-2348

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58"}, {"name": "android-permission-security-bypass(51798)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51798"}, {"name": "20090716 [oCERT-2009-011] Android improper camera and audio permission verification", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/505012/100/0/threaded"}, {"name": "[oss-security] 20090716 [oCERT-2009-011] Android improper camera and audio permission verification", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/07/16/4"}, {"name": "35717", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35717"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2009-011.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2348", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://android.git.kernel.org/?p=platform/packages/apps/Camera.git;a=commit;h=e655d54160e5a56d4909f2459eeae9012e9f187f", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Camera.git;a=commit;h=e655d54160e5a56d4909f2459eeae9012e9f187f"}, {"name": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=7b7225c8fdbead25235c74811b30ff4ee690dc58", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=7b7225c8fdbead25235c74811b30ff4ee690dc58"}, {"name": "android-permission-security-bypass(51798)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51798"}, {"name": "20090716 [oCERT-2009-011] Android improper camera and audio permission verification", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505012/100/0/threaded"}, {"name": "[oss-security] 20090716 [oCERT-2009-011] Android improper camera and audio permission verification", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/07/16/4"}, {"name": "35717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35717"}, {"name": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=4d8adefd35efdea849611b8b02d61f9517e47760", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=4d8adefd35efdea849611b8b02d61f9517e47760"}, {"name": "http://www.ocert.org/advisories/ocert-2009-011.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2009-011.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:56.000Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58"}, {"name": "android-permission-security-bypass(51798)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51798"}, {"name": "20090716 [oCERT-2009-011] Android improper camera and audio permission verification", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/505012/100/0/threaded"}, {"name": "[oss-security] 20090716 [oCERT-2009-011] Android improper camera and audio permission verification", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/07/16/4"}, {"name": "35717", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35717"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2009-011.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2348", "datePublished": "2009-07-17T16:00:00", "dateReserved": "2009-07-07T00:00:00", "dateUpdated": "2024-08-07T05:44:56.000Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C354829-6BEB-4C67-972A-60367073753C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone."}, {"lang": "es", "value": "Android v1.5 CRBxx permite a a usuarios locales saltarse los valores de la configuraci\u00f3n de (1) Manifest.permission.CAMERA (tambi\u00e9n conocido como android.permission.CAMERA) y (2) Manifest.permission.AUDIO_RECORD (tambien conocido como android.permission.RECORD_AUDIO) instalando y ejecutando una aplicaci\u00f3n que no hace una petici\u00f3n de permiso para usar la c\u00e1mara o el micr\u00f3fono."}], "id": "CVE-2009-2348", "lastModified": "2023-11-07T02:04:06.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-17T16:30:00.953", "references": [{"source": "cve@mitre.org", "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=4d8adefd35efdea849611b8b02d61f9517e47760"}, {"source": "cve@mitre.org", "url": "http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=7b7225c8fdbead25235c74811b30ff4ee690dc58"}, {"source": "cve@mitre.org", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Camera.git%3Ba=commit%3Bh=e655d54160e5a56d4909f2459eeae9012e9f187f"}, {"source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2009-011.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/07/16/4"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/505012/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35717"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51798"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}