Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

Thanks Simon for the reply. Can you please also let me know how this bug can be exploited in an application. I am just using Android API (SQLiteOpenHelper) for SQLite to access SQLiteDB CRUD operations. We don't have authorization feature built into our client side. Even authentication is done

Re: [sqlite] strange behaviour on sqlite shell output…

Am 17.04.2017 um 10:26 schrieb aotto: Am 15.04.2017 um 09:49 schrieb aotto: select Reporter, Partner, Year, PartnerCode from [EXEC-BtH0] where Reporter = 'AGO' Hi, I add the following code in shell.c if( w<0 ){ utf8_printf(p->out,"%*.*s%s",-w,-w, azArg[i] ?

[sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

Dear SQLite Experts, This is regarding SQlite vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 It mentions the escalation of privilege attack in Android due to an internal bug in SQlite We use SQLite distributed with Android in our application and use the normal

Re: [sqlite] strange behaviour on sqlite shell output…

Am 15.04.2017 um 09:49 schrieb aotto: select Reporter, Partner, Year, PartnerCode from [EXEC-BtH0] where Reporter = 'AGO' Hi, I add the following code in shell.c if( w<0 ){ utf8_printf(p->out,"%*.*s%s",-w,-w, azArg[i] ? azArg[i] : p->nullValue,

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

On 17 Apr 2017, at 9:56am, Saurav Sarkar wrote: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 > > It mentions the escalation of privilege attack in Android due to an > internal bug in SQlite > > We use SQLite distributed with Android in our

Re: [sqlite] strange behaviour on sqlite shell output…

Am 17.04.2017 um 10:34 schrieb aotto: ……… This is the isolated test case this shows the BUG #include "stdio.h" int main ( int argc, char **argv ) { // code int i=3; int w=11; // → ?? int nArg=4; char *rowSep="\n"; char *azArg[4] = {NULL,NULL,NULL,"EO EU WE €O

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

On 4/17/17, Saurav Sarkar wrote: > Dear SQLite Experts, > > This is regarding SQlite vulnerability > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 I don't know anything about this. It is the first I've heard of it. I could not figure out what it has to

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

On 17 Apr 2017, at 10:35am, Saurav Sarkar wrote: > Can you please also let me know how this bug can be exploited in an > application. The problem was apparently spotted as a theoretical vulnerability and no demonstration code was submitted. It was never reported to

Re: [sqlite] Database corruption, and PRAGMA fullfsync on macOS

Thanks Richard for your reply. Sorry about the COLLATE problem. That's a Couchbase Lite thing. I find it weird that a different WAL file is getting in there somehow when a power failure occurs. I'm a bit stumped at how it can even write to the file system the moment the power shuts down so I

Re: [sqlite] FTS5 query results different before/after MERGE command.

On 04/18/2017 02:00 AM, Jonathan Gaillard wrote: I have a db where I have a query returning results from something I believe is deleted already from a FTS5 table. This is a normal FTS5 table, not a contentless one so I used the normal DELETE. Only after I run: INSERT INTO

Re: [sqlite] potential bug

On 04/17/2017 10:42 PM, Bernard Schurdevin wrote: Hi, I get weird results (false positive) to PRAGMA foreign_key_check on WITHOUT ROWID table depending on foreign key field position. Thanks for reporting this. Should be fixed here: http://www.sqlite.org/src/info/690870bd7b2e607b Dan.

[sqlite] FTS5 query results different before/after MERGE command.

I have a db where I have a query returning results from something I believe is deleted already from a FTS5 table. This is a normal FTS5 table, not a contentless one so I used the normal DELETE. Only after I run: INSERT INTO MyFTSTable(MyFTSTable, rank) VALUES('automerge', 0); INSERT INTO

[sqlite] potential bug

Hi, I get weird results (false positive) to PRAGMA foreign_key_check on WITHOUT ROWID table depending on foreign key field position. Kind regards. = -- tested with Window CLI, versions 3.8.5, 3.9.2, 3.14.1,

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

Just amusing, and found while looking for above. Researchers have disclosed a vulnerability in *Android's* SQLite that can > leak sensitive information without an application having adequate > privileges. > ​So when did DRH sell out to Android? :-) From an old (2012) blog report ​HERE

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

On 4/17/17, Michael Falconer wrote: > These may enlighten a little..at least it appears to be related? > > http://www.cvedetails.com/cve/CVE-2015-6607/ > > IBM report Huh. That's not much of a

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

On 17 Apr 2017, at 10:29pm, Michael Falconer wrote: > From an old (2012) blog report ​HERE > Your recent links appear to be for other problems. This one, for instance, is from 2012.

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

These may enlighten a little..at least it appears to be related? http://www.cvedetails.com/cve/CVE-2015-6607/ IBM report On 17 April 2017 at 22:09, Simon Slavin wrote: > > On 17 Apr 2017, at 10:35am,

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

On 4/17/17, Simon Slavin wrote: > > On 17 Apr 2017, at 10:29pm, Michael Falconer > wrote: > >> From an old (2012) blog report ​HERE >> > > Your recent links appear to be