CVE-2015-1538 (Ubuntu CVE tracker entry UB:CVE-2015-1538)
Source: ubuntu.com
Published: 2015-10-01 00:00:00

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.956 High (percentile 99.4%)

Integer overflow in the SampleTable::setSampleToChunkParams function in
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows
remote attackers to execute arbitrary code via crafted atoms in MP4 data
that trigger an unchecked multiplication, aka internal bug 20139950, a
related issue to CVE-2015-4496.
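The description names the defect class but not the code, so the following is an added illustration of the pattern it describes, written for this page and not taken from libstagefright, Android or Ubuntu. It contrasts an attacker-influenced entry count multiplied without a check (so the product wraps and undersizes the allocation) with a parse routine that rejects the table before allocating when the product would overflow or the claimed rows are not actually present in the buffer. The type name stsc_entry_t, the 12-byte wire row, the function names and both sample buffers are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STSC_WIRE_ENTRY 12u  /* three big-endian uint32 fields per 'stsc' row (assumed layout) */

/* Hypothetical in-memory row for a sample-to-chunk table; illustrative only. */
typedef struct {
    uint32_t first_chunk;
    uint32_t samples_per_chunk;
    uint32_t sample_desc_index;
} stsc_entry_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Overflow-safe multiply: returns 0 and stores count*size in *out, or 1 if it does not fit size_t. */
int mul_overflows(size_t count, size_t size, size_t *out) {
    if (size != 0 && count > SIZE_MAX / size) return 1;
    *out = count * size;
    return 0;
}

/* The defect pattern the CVE text names: a 32-bit product computed with no check.
 * With entry_count = 0x40000000 and a 12-byte row the product is 3 * 2^32, which wraps to 0,
 * so zero bytes would be allocated for 2^30 rows and the copy loop would write out of bounds. */
size_t alloc_size_unchecked(uint32_t entry_count) {
    uint32_t bytes = entry_count * (uint32_t)sizeof(stsc_entry_t);  /* wraps modulo 2^32 */
    return (size_t)bytes;
}

/* Hardened parse of a constructed 'stsc'-style table: [uint32 count][count x 12-byte rows].
 * Returns the row count and hands back a malloc'd array in *out (NULL when the count is 0),
 * or -1 if the size computation would overflow or the count exceeds the bytes present. */
long parse_stsc_checked(const uint8_t *buf, size_t len, stsc_entry_t **out) {
    size_t wire_bytes, alloc_bytes;
    *out = NULL;
    if (len < 4) return -1;
    uint32_t count = be32(buf);
    /* Validate before allocating: both the on-wire size and the in-memory size must be sane. */
    if (mul_overflows(count, STSC_WIRE_ENTRY, &wire_bytes)) return -1;
    if (wire_bytes > len - 4) return -1;   /* the claimed rows must actually be in the buffer */
    if (mul_overflows(count, sizeof(stsc_entry_t), &alloc_bytes)) return -1;
    if (count == 0) return 0;
    stsc_entry_t *rows = malloc(alloc_bytes);
    if (!rows) return -1;
    const uint8_t *p = buf + 4;
    for (uint32_t i = 0; i < count; i++, p += STSC_WIRE_ENTRY) {
        rows[i].first_chunk       = be32(p);
        rows[i].samples_per_chunk = be32(p + 4);
        rows[i].sample_desc_index = be32(p + 8);
    }
    *out = rows;
    return (long)count;  /* bounded by len / 12, so it cannot overflow long */
}

/* Constructed sample table with two rows (not from any real file). */
static const uint8_t SAMPLE_STSC[4 + 2 * STSC_WIRE_ENTRY] = {
    0x00, 0x00, 0x00, 0x02,
    0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x10,  0x00, 0x00, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x05,  0x00, 0x00, 0x00, 0x08,  0x00, 0x00, 0x00, 0x01,
};
/* Constructed header that claims 0x40000000 rows but carries none of them. */
static const uint8_t HUGE_COUNT_STSC[4] = { 0x40, 0x00, 0x00, 0x00 };

/* Helpers returning plain values so the two behaviours can be compared directly. */
long parse_count(const uint8_t *buf, size_t len) {
    stsc_entry_t *rows;
    long n = parse_stsc_checked(buf, len, &rows);
    free(rows);
    return n;
}

long sample_spc(const uint8_t *buf, size_t len, size_t idx) {
    stsc_entry_t *rows;
    long n = parse_stsc_checked(buf, len, &rows);
    long v = (n > 0 && idx < (size_t)n) ? (long)rows[idx].samples_per_chunk : -1;
    free(rows);
    return v;
}

int main(void) {
    printf("unchecked size for 0x40000000 rows: %zu bytes\n", alloc_size_unchecked(0x40000000u));
    printf("checked parse of sample table: %ld rows\n", parse_count(SAMPLE_STSC, sizeof SAMPLE_STSC));
    printf("checked parse of oversized count: %ld\n", parse_count(HUGE_COUNT_STSC, sizeof HUGE_COUNT_STSC));
    return 0;
}
```

The ordering matters: the overflow check and the "rows must fit in the remaining bytes" check both run before malloc, so a wrapped product can never reach the allocator, and a truncated table (a count larger than the data that follows it) is rejected rather than read past the end of the buffer.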

Notes

Author Note

jdstrand:
- there are limited public details on the issue and these will not be disclosed until BlackHat/DEFCON next month. Will use this CVE for all information until details are published
- the following patches are the likely fixes (12.1):
  http://review.cyanogenmod.org/#/c/102619/ (code not present, requires edd4a76eb4747bd19ed122df46fa46b452c12a0d)
  http://review.cyanogenmod.org/#/c/102620/ (ebf0d0940f7f42b220b19d3baaee7efb4c6b787d)
  http://review.cyanogenmod.org/#/c/102623/ (4a39c150327e080072d5f8e4239c6bbbbabd48d8)
  http://review.cyanogenmod.org/#/c/103266/ (7ff5505d36b1cfd8b03497e0fb5aa24b5b099e45)
  http://review.cyanogenmod.org/#/c/103267/ (b1f29294f1a5831eb52a81d3ee082a9475f6e879)
  http://review.cyanogenmod.org/#/c/103268/ (889ae4ad7227c395615d03b24a1667caa162c75f)
  http://review.cyanogenmod.org/#/c/103269/ (9824bfd6eec1daa93cf76b6f4199602fe35f1d9d, code not present on 15.04/15.10)
  http://review.cyanogenmod.org/#/c/103270/ (57db9b42418b434751f609ac7e5539367e9f01a6, code not present on 15.04/15.10)
- the attack appears to be if an application opens a specially crafted MPEG4 file, an attacker could cause an application crash or execute arbitrary code by accessing out of bounds memory. In the case of android, the video could be texted to the victim's number and the system will automatically start processing the video by examining the video's container and metadata
- Ubuntu's 'android' package is based on Cyanogenmod 12.0
- Ubuntu 14.04 'android' package is affected but no supported images use it
- All patches (ESDS, SampleTable and MPEG4Extractor) are for MPEG-4 processing
- media-hub will typically process MPEG4 files for the system and it uses gst-plugins-bad which uses media_codec_* from libhybris but libhybris doesn't expose the affected stagefright code (confirmed with jhodapp and rsalveti). Therefore, the specific attack of texting a crafted video will not work
- services and well-behaved Ubuntu Store apps may access the stagefright library via libhybris, but libhybris doesn't expose the affected code so these services and apps are not affected
- malicious Ubuntu Store apps could access the stagefright library but are otherwise isolated by the app-specific AppArmor profiles
- malicious Ubuntu Store apps could access one of the binder services in the container via /dev/binder but none of them use stagefright (the services are: healthd, servicemanager, rild, drmserver, camera_service and sensorservice, all confirmed via their respective Android.mk files to not link stagefright)
- based on the above, adjust priority to 'negligible'
