Vulners
Lucene search
Android Rowhammer attack vulnerability (Drammer)
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Android Security Bulletin—November 2016Stay organized with collectionsSave and categorize content based on your preferences. | 7 Nov 201600:00 | – | androidsecurity |
 | CVE-2016-6728 | 1 Nov 201600:00 | – | android |
 | Multiple Google products kernel ION subsystem elevation of privilege vulnerability (CNVD-2016-11151) | 11 Nov 201600:00 | – | cnvd |
 | CVE-2016-6728 | 25 Nov 201616:00 | – | cve |
 | CVE-2016-6728 | 25 Nov 201616:00 | – | cvelist |
 | EUVD-2016-7631 | 7 Oct 202500:30 | – | euvd |
 | CVE-2016-6728 | 25 Nov 201616:59 | – | nvd |
 | UBUNTU-CVE-2016-6728 | 25 Nov 201616:59 | – | osv |
 | Privilege escalation | 25 Nov 201616:59 | – | prion |
 | Critical Android Vulnerability 'Drammer' Impacts Millions of Handsets | 24 Oct 201612:28 | – | threatpost |
10
PoC代码请参考: https://github.com/vusec/drammer
# Native installation
To build the native binary, you need an Android NDK toolchain. I used
android-ndk-r11c:
```
wget https://dl.google.com/android/repository/android-ndk-r11c-linux-x86_64.zip
unzip android-ndk-r11c-linux-x86_64.zip
cd android-ndk-r11c
./build/tools/make-standalone-toolschain.sh --ndk-dir=`pwd` --arch=arm --platform=android-24 --install-dir=./sysroot-arm/ --verbose
```
You should then update the `STANDALONE_TOOLCHAIN` variable and be able to compile the binary:
```
cd native
sed -i 's#^\(STANDALONE_TOOLCHAIN=\s*\).*$#\1/path/to/android-ndk-r11c/sysroot-arm/bin#' Makefile
make
```
This gives you a stripped ARMv7 binary that you can run on both ARMv7 (32-bit)
and ARMv8 (64-bit) devices. The Makefile provides an install feature that uses
the Android Debug Bridge (adb) to push the binary to your device's
/data/local/tmp/ directory. You can install adb by doing a `sudo apt-get install
android-tools-adb` (on Ubuntu) or by installing the Android SDK via
[android.com](https://developer.android.com/studio/index.html#downloads). Then
do a:
```
make install
make test
```
to install and start the Rowhammer test binary. Once installed, you may also
invoke it from the shell directly:
```
adb shell
cd /data/local/tmp
./rh-test
```
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Oct 2016 00:00Current
7.5High risk
Vulners AI Score7.5
EPSS0.00312