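Related vulnerability
Title: Android libmedia permissions and access control vulnerability (CVE-2015-6612)
Description: Google Chrome is a web browser developed by Google. Android is a Linux-based open-source operating system jointly developed by Google and the Open Handset Alliance (OHA). libmedia is one of its multimedia library components. A security vulnerability exists in libmedia in Android 5.1.1 and earlier and in version 6.0. An attacker can exploit this vulnerability through a specially crafted application to gain privileges.
Introduction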
# CVE-2015-6612
For the details of the vulnerability, please refer to description.pdf.
My sad story about this bug:
I reported this issue to ZDI last March. At the beginning, they said they couldn't reproduce it in the latest Android; after half a month of communication, they decided not to pursue acquisition of the bug.
I held this bug for a long time, and I reported it to Google on Aug 21, 2015, but it became a duplicate issue.
https://code.google.com/p/android/issues/detail?id=183414
The funny thing is that it's a duplicate of the issue reported on Aug 23, 2015, which is ANDROID-23540426.
https://groups.google.com/forum/#!topic/android-security-updates/GwZn7sixask
I don't know how the hell Google calculated the data; just releasing the PoC for fun.
File snapshot
[4.0K] /data/pocs/966095d020248319d82907d5fe697f346f38886f
├── [250K] description.pdf
├── [4.0K] poc
│ ├── [ 740] Android.mk
│ ├── [3.9K] service.cpp
│ └── [ 409] test.sh
└── [ 748] README.md
1 directory, 5 files