Device can be tricked into exposing mtp service without being unlocked first
Bug #1525981 reported by Michael Terry
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical System Image | Fix Released | High | kevin gunn |
unity8 (Ubuntu) | Fix Released | Undecided | Michael Terry |
Bug Description
Steps to reproduce:
- Boot your phone up (notice mtp is not accessible)
- Start to make an emergency call (notice mtp is not accessible)
- Cancel emergency call and go back to greeter (notice mtp IS accessible)
That's bad.
This happens because mtp-server pays attention to the greeter saying it's active over DBus. And the first time it says it's active, mtp-server makes itself available.
I believe the greeter has a bug where it briefly says it's inactive when transitioning between emergency dialer and the greeter. We should close that gap (once I confirm it exists).
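The failure mode described above, as an added illustration that is not unity8 or mtp-server code. It is a simplified model: the `Greeter` and `MtpListener` types, their members, and the ordering of the two visibility updates are assumptions. It also assumes the listener latches on the first report that the greeter is not active, which is the transient the reproduction steps would trigger.

```cpp
#include <functional>

// Hypothetical stand-in for the greeter's "active" state published over DBus.
struct Greeter {
    bool lockShown = true;     // lock screen visible
    bool dialerShown = false;  // emergency dialer visible
    bool lastActive = true;    // last value published
    std::function<void(bool)> activeChanged;

    // Publish only when the derived "active" value actually changes.
    void publish() {
        bool now = lockShown || dialerShown;
        if (now != lastActive) {
            lastActive = now;
            if (activeChanged) activeChanged(now);
        }
    }
    void startEmergencyCall() {
        dialerShown = true;  publish();
        lockShown = false;   publish();
    }
    // Assumed buggy order: the dialer is hidden before the lock screen is
    // restored, so one publish() sees neither surface and reports inactive.
    void cancelEmergencyCallBuggy() {
        dialerShown = false; publish();
        lockShown = true;    publish();
    }
    // Gap closed: the lock screen is restored first, so "active" never drops.
    void cancelEmergencyCallFixed() {
        lockShown = true;    publish();
        dialerShown = false; publish();
    }
};

// One-shot listener: exposes storage on the first inactive report and
// never re-locks, so a transient of any length is enough.
struct MtpListener {
    bool exposed = false;
    void attach(Greeter& g) {
        g.activeChanged = [this](bool active) { if (!active) exposed = true; };
    }
};

// Replays boot -> emergency call -> cancel and reports whether MTP was exposed.
bool mtpExposedAfterCancelledCall(bool fixedGreeter) {
    Greeter g; MtpListener m; m.attach(g);
    g.startEmergencyCall();
    if (fixedGreeter) g.cancelEmergencyCallFixed(); else g.cancelEmergencyCallBuggy();
    return m.exposed;
}
```

In this model a consumer that latches on a single state edge inherits every glitch of the producer, which is why closing the gap in the greeter removes the exposure.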
Related branches
lp:~mterry/unity8/briefly-inactive
- Daniel d'Andrada (community): Abstain
- Josh Arenson: Approve
- PS Jenkins bot (community): Needs Fixing (continuous-integration)
Diff: 66 lines (+26/-4), 2 files modified
- qml/Greeter/Greeter.qml (+1/-1)
- tests/qmltests/Greeter/tst_Greeter.qml (+25/-3)
CVE References
Changed in unity8 (Ubuntu):
- assignee: nobody → Michael Terry (mterry)
- information type: Private Security → Public Security
- description: updated

Changed in unity8 (Ubuntu):
- status: New → In Progress

Changed in canonical-devices-system-image:
- status: New → Fix Committed
- importance: Undecided → High
- assignee: nobody → kevin gunn (kgunn72)
- milestone: none → ww02-2016

Changed in canonical-devices-system-image:
- status: Fix Committed → Fix Released
This is CVE-2015-7946