N/A

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.

N/A

N/A

Android'services/java/com/android/server/PackageManagerService.java'本地特权升级漏洞

Android是一款基于Linux内核和JAVA的开放源码的手机操作系统。 Android 1.5版本至1.5 CRB42的services/java/com/android/server/PackageManagerService.java中的PackageManagerService class没有适当地在应用程序安装过程中，sharedUserId请求处理时检测开发商的凭证，这会允许见机行事的攻击者通过创建一个能列出任意应用程序共享的用户ID，来访问应用程序数据。

N/A

N/A