Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Richard Hipp
On 4/17/17, Simon Slavin wrote: > > On 17 Apr 2017, at 10:29pm, Michael Falconer > wrote: > >> From an old (2012) blog report ​HERE >> > > Your recent links appear to be

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Simon Slavin
On 17 Apr 2017, at 10:29pm, Michael Falconer wrote: > From an old (2012) blog report ​HERE > Your recent links appear to be for other problems. This one, for instance, is from 2012.

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Richard Hipp
On 4/17/17, Michael Falconer wrote: > These may enlighten a little..at least it appears to be related? > > http://www.cvedetails.com/cve/CVE-2015-6607/ > > IBM report Huh. That's not much of a

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Michael Falconer
Just amusing, and found while looking for above. Researchers have disclosed a vulnerability in *Android's* SQLite that can > leak sensitive information without an application having adequate > privileges. > ​So when did DRH sell out to Android? :-) From an old (2012) blog report ​HERE

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Michael Falconer
These may enlighten a little..at least it appears to be related? http://www.cvedetails.com/cve/CVE-2015-6607/ IBM report On 17 April 2017 at 22:09, Simon Slavin wrote: > > On 17 Apr 2017, at 10:35am,

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Simon Slavin
On 17 Apr 2017, at 10:35am, Saurav Sarkar wrote: > Can you please also let me know how this bug can be exploited in an > application. The problem was apparently spotted as a theoretical vulnerability and no demonstration code was submitted. It was never reported to

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Richard Hipp
On 4/17/17, Saurav Sarkar wrote: > Dear SQLite Experts, > > This is regarding SQlite vulnerability > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 I don't know anything about this. It is the first I've heard of it. I could not figure out what it has to

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Saurav Sarkar
Thanks Simon for the reply. Can you please also let me know how this bug can be exploited in an application. I am just using Android API (SQLiteOpenHelper) for SQLite to access SQLiteDB CRUD operations. We don't have authorization feature built into our client side. Even authentication is done

Re: [sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Simon Slavin
On 17 Apr 2017, at 9:56am, Saurav Sarkar wrote: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 > > It mentions the escalation of privilege attack in Android due to an > internal bug in SQlite > > We use SQLite distributed with Android in our

[sqlite] SQLite CVE-2015-6607 (Escalation of privilege issue )

2017-04-17 Thread Saurav Sarkar
Dear SQLite Experts, This is regarding SQlite vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6607 It mentions the escalation of privilege attack in Android due to an internal bug in SQlite We use SQLite distributed with Android in our application and use the normal