Описание
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-0680
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65125
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=18d6b7e9d2e538fb3c0264332b96c02abf367267
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=4d26623ce82230e8e7009adb921c5edea370a9e0
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=18d6b7e9d2e538fb3c0264332b96c02abf367267
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=4d26623ce82230e8e7009adb921c5edea370a9e0
- http://code.google.com/p/android/issues/detail?id=9392#c1460
- http://code.google.com/p/android/issues/detail?id=9392#c1620
- http://phandroid.com/2011/01/21/android-2-3-2-update-pushing-to-nexus-s-phone-fixes-sms-bug
- http://twitter.com/GalaxySsupport/statuses/28078194607263744
- http://www.engadget.com/2011/01/22/nexus-one-gets-tiny-update-to-android-2-2-2-probably-fixes-sms
- http://www.htcphones.net/nexus-one-update-to-android-2-2-2
- http://www.samsunghub.com/2011/01/22/nexus-s-gets-android-2-3-2-fixes-sms-bug
- http://www.securityfocus.com/bid/46105
- http://www.theinquirer.net/inquirer/news/1939386/google-updates-nexus-android-222
EPSS
CVE ID
Связанные уязвимости
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
EPSS