Thanks Simon for the reply. Can you please also let me know how this bug can be exploited in an application.
I am just using Android API (SQLiteOpenHelper) for SQLite to access SQLiteDB CRUD operations. We don't have authorization feature built into our client side. Even authentication is done from the server side. End Users don't have access to db directly. No SQL injection is possible too. Just wanted to check if this bug can be exploited in our application. Best Regards, Saurav On Mon, Apr 17, 2017 at 2:46 PM, Simon Slavin <slav...@bigfraud.org> wrote: > > On 17 Apr 2017, at 9:56am, Saurav Sarkar <saurav.sark...@gmail.com> wrote: > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 > > > > It mentions the escalation of privilege attack in Android due to an > > internal bug in SQlite > > > > We use SQLite distributed with Android in our application and use the > > normal Android APIs for SQLite Access .And use it for our CRUD > operations. > > > > I did not find any more details about this bug so would like to know in > > this list if this is a problem. > > SQLite 3.8.9, which according to the announcement fixed the relevant bug, > was released in April 2015, which is now two years ago. > > As described in the report, if you’re still using a version of Android > before 5.1.1 the bug will still effect the platform. > > > Would like to know if the same vulnerability applies for Windows > universal > > platform as well. > > SQLite is not built into that platform. If you wish to use SQLite on WUP > yourself, just make sure you include a current version, not a two year old > version. > > Simon. > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
