touch-packages team mailing list archive

Thread
Date

[Bug 1525981] Re: Device can be tricked into exposing mtp service without being unlocked first

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Tue, 15 Dec 2015 00:12:26 -0000
Reply-to: Bug 1525981 <1525981@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is CVE-2015-7946

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7946

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1525981

Title:
  Device can be tricked into exposing mtp service without being unlocked
  first

Status in unity8 package in Ubuntu:
  In Progress

Bug description:
  Steps to reproduce:

  - Boot your phone up (notice mtp is not accessible)
  - Start to make an emergency call (notice mtp is not accessible)
  - Cancel emergency call and go back to greeter (notice mtp IS accessible)

  That's bad.

  This happens because mtp-server pays attention to the greeter saying
  it's active over DBus.  And the first time it says it's active, mtp-
  server makes itself available.

  I believe the greeter has a bug where it briefly says it's inactive
  when transitioning between emergency dialer and the greeter.  We
  should close that gap (once I confirm it exists).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1525981/+subscriptions