CVE-2011-0680
First published: Mon Jan 31 2011(Updated: )
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | <=2.2.1 | |
| Android | =1.5 | |
| Android | =1.6 | |
| Android | =2.1 | |
| Android | =2.2-rev1 | |
| Android | =2.3-rev1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://twitter.com/GalaxySsupport/statuses/28078194607263744
- http://www.engadget.com/2011/01/22/nexus-one-gets-tiny-update-to-android-2-2-2-probably-fixes-sms/
- http://phandroid.com/2011/01/21/android-2-3-2-update-pushing-to-nexus-s-phone-fixes-sms-bug/
- http://www.htcphones.net/nexus-one-update-to-android-2-2-2/
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=4d26623ce82230e8e7009adb921c5edea370a9e0
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=18d6b7e9d2e538fb3c0264332b96c02abf367267
- http://www.theinquirer.net/inquirer/news/1939386/google-updates-nexus-android-222
- http://www.samsunghub.com/2011/01/22/nexus-s-gets-android-2-3-2-fixes-sms-bug/
- http://www.securityfocus.com/bid/46105
- http://code.google.com/p/android/issues/detail?id=9392#c1620
- http://code.google.com/p/android/issues/detail?id=9392#c1460
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65125
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=18d6b7e9d2e538fb3c0264332b96c02abf367267
- http://android.git.kernel.org/?p=platform/packages/apps/Mms.git%3Ba=commit%3Bh=4d26623ce82230e8e7009adb921c5edea370a9e0
Frequently Asked Questions
What is the severity of CVE-2011-0680?
CVE-2011-0680 is classified as a moderate severity vulnerability due to its potential to expose sensitive SMS message data.
How do I fix CVE-2011-0680?
To fix CVE-2011-0680, users should update their Android devices to version 2.3.2 or higher where the issue has been resolved.
What versions of Android are affected by CVE-2011-0680?
CVE-2011-0680 affects Android versions 1.5, 1.6, 2.1, and 2.2 up to 2.2.1.
What type of attack does CVE-2011-0680 enable?
CVE-2011-0680 enables remote attackers to read SMS messages that are intended for other recipients.
Is there a workaround for CVE-2011-0680 before updating?
There are no documented workarounds for CVE-2011-0680, so the best option is to update to a secure version of Android.
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- vendor/google
- canonical/android
- version/android/2.2.1
- version/android/1.5
- version/android/1.6
- version/android/2.1
- version/android/2.2-rev1
- version/android/2.3-rev1