Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)

🗓️ 30 Mar 2016 00:00:00Reported by NorthBitType 
zdt
 zdt🔗 0day.today👁 152 Views

Android 5.0.1 Metaphor Stagefright Exploit with ASLR Bypas

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Android libstagefright - Integer Overflow Remote Code Execution
18 Sep 201500:00
zdt
0day.today		Android Stagefright MP4 tx3g Integer Overflow Exploit
27 Sep 201600:00
zdt
Android Security Bulletins		Nexus Security Bulletin - September 2015Stay organized with collectionsSave and categorize content based on your preferences.
9 Sep 201500:00
androidsecurity
android		CVE-2015-3864
1 Sep 201500:00
android
android		Metaphor
9 Jul 201900:00
android
BDU FSTEC		The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
13 Oct 201500:00
bdu_fstec
Circl		CVE-2015-3864
17 Sep 201500:00
circl
CNVD		Google Android Stagefright Integer Overflow Vulnerability
23 Sep 201500:00
cnvd
Check Point Advisories		Google Android Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829; CVE-2015-3864)
12 Aug 201500:00
checkpoint_advisories
CVE		CVE-2015-3864
1 Oct 201500:00
cve
Rows per page
Source: https://github.com/NorthBit/Metaphor
 
Metaphor - Stagefright with ASLR bypass By Hanan Be'er from NorthBit Ltd.
 
Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf
 
Twitter: https://twitter.com/High_Byte
 
Metaphor's source code is now released! The source include a PoC that generates MP4 exploits in real-time and bypassing ASLR. The PoC includes lookup tables for Nexus 5 Build LRX22C with Android 5.0.1. Server-side of the PoC include simple PHP scripts that run the exploit generator - I'm using XAMPP to serve gzipped MP4 files. The attack page is index.php.
 
The exploit generator is written in Python and used by the PHP code.
 
usage: metaphor.py [-h] [-c CONFIG] -o OUTPUT {leak,rce,suicide} ...
 
positional arguments:
  {leak,rce,suicide}    Type of exploit to generate
 
optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        Override exploit configuration
  -o OUTPUT, --output OUTPUT
Credits: To the NorthBit team E.P. - My shining paladin, for assisting in boosting this project to achieve all the goals.
 
 
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39640.zip

#  0day.today [2018-01-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Mar 2016 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.90266
android securitymetaphor stagefrightaslr bypassnorthbit ltd. python exploitphp scripts
152