
[Lollipop] Stagefright Vulnerability Fix CVE-2015-6602 [S4 Exynos]


Ale95

Inactive Recognized Contributor
May 1, 2013
2,946
12,230
26
Making our phone more awesome!

Overview

Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device.

Description

According to a Zimperium zLabs blog post, Android's Stagefright engine contains multiple vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device. This vulnerability may at least partially affect all versions of Android starting from 2.2 (Froyo) and prior to 5.1.1_r9 (Lollipop).
An attacker with a victim's cell phone number may send maliciously crafted multimedia messages (MMS) which may be improperly parsed by the Stagefright tool. Other attack vectors may be possible.
According to Ars Technica, "successful exploits at the very least provide direct access to a phone's audio and camera feeds and to the external storage ... many older phones grant elevated system privileges to Stagefright code, a design that could allow attackers access to many more device resources."
Zimperium has released more information on these vulnerabilities, including proof-of-concept code, patches, a video demoing the exploit and an Android app that detects the vulnerability.

The vulnerabilities include:
Code:
1. CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution
2. CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution
3. CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution
4. CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution
5. CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution
6. CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution
7. CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread
8. CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution
9. CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution
10. CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution

Since integer overflow is a type of memory error, Address Space Layout Randomization (ASLR) appears to partially mitigate this issue; Forbes reports that versions of Android before 4.1 (Jelly Bean) have "inadequate exploit mitigations." ASLR was introduced in Android 4.0 and fully enabled in Android 4.1.

Impact
A remote attacker may be able to execute code on the Android device.

Solution
  • Apply an update
or
  • Flash attached fix

Download (CVE-2015-6602)
PLEASE MAKE A BACKUP before flashing.


Device Compatibility:
The latest fix works only on S4 Exynos running Lollipop.

This fix has been tested successfully on (Exynos, ARM)
S4, I9500 [Stock and S6 Ports]

You can now test your device's vulnerability using either of these apps: Stagefright Detector App or Stagefright Detector

Vulnerable
ornzva.png

Not Vulnerable
Screenshot_2015_12_23_16_22_38.png

Source: zimperium
 
Last edited:
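The integer-overflow class listed for the 'stsc', 'ctts', 'stts' and 'stss' atoms, shown as an added example that is not part of the original post and is not Stagefright's own code. It contrasts a wrapping 32-bit size computation with a bounds-checked one; the function names, the sample atoms and the per-entry sizes (taken from the ISO base media file format layout) are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Big-endian 32-bit read, as used for MP4 atom fields. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bytes per table entry for the sample-table atoms named in the post. */
static uint32_t entry_size(const uint8_t *type) {
    if (!memcmp(type, "stsc", 4)) return 12;
    if (!memcmp(type, "stts", 4) || !memcmp(type, "ctts", 4)) return 8;
    if (!memcmp(type, "stss", 4)) return 4;
    return 0;
}

/* Flawed pattern (hypothetical helper): the 32-bit product wraps silently. */
uint32_t table_bytes_unchecked(uint32_t count, uint32_t esize) {
    return count * esize;
}

/* Hardened: returns 0 and sets *out, or -1 if the atom is malformed. */
int table_bytes_checked(const uint8_t *atom, size_t len, uint32_t *out) {
    if (len < 16) return -1;            /* size, type, version/flags, count */
    uint32_t size = be32(atom), esize = entry_size(atom + 4);
    uint32_t count = be32(atom + 12);
    if (esize == 0 || size < 16 || size > len) return -1;
    uint64_t need = (uint64_t)count * esize;    /* 64-bit: cannot wrap */
    if (need > (uint64_t)size - 16) return -1;  /* table must fit in atom */
    *out = (uint32_t)need;
    return 0;
}

/* Constructed samples: one valid 'stsc' entry, and a header-only atom
   whose entry_count 0x15555556 makes count * 12 wrap to 8. */
const uint8_t SAMPLE_OK[28] = {0,0,0,28,'s','t','s','c',0,0,0,0,0,0,0,1,
                               0,0,0,1,0,0,0,1,0,0,0,1};
const uint8_t SAMPLE_BAD[16] = {0,0,0,16,'s','t','s','c',0,0,0,0,
                                0x15,0x55,0x55,0x56};

int main(void) {
    uint32_t n = 0;
    printf("unchecked bytes: %u\n",
           (unsigned)table_bytes_unchecked(0x15555556u, 12));
    printf("ok=%d\n", table_bytes_checked(SAMPLE_OK, sizeof SAMPLE_OK, &n));
    printf("bad=%d\n", table_bytes_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &n));
    return 0;
}
```

The checked version rejects the second atom because the declared entry count cannot fit in the bytes the atom actually carries, which is the property a patched parser has to enforce before allocating or copying.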

milojoseph

Senior Member
Sep 18, 2012
2,169
721
Brooklyn
Can you make a mod for all Samsung devices?

Sent from my SM-G900T powered by AllianceROM
and boosted by speedy kernel
Lollipop ?
 

jasonick1

Member
Jul 4, 2014
22
1
Worked on my i9500 on DarkLord 5.0, thanks
 


deanst

New member
Apr 5, 2014
2
0
Not working for me. Stock Lollipop 5.0.1 :confused:
I flashed from recovery but it is still vulnerable
 

matze-66

Member
Jun 12, 2011
6
0
Hello,
I use a Galaxy S5 with 4.4.2 and I still have the Stagefright vulnerability.
Could anybody help me with which patch/fix is the right one for my device?

I love my 4.4.2 and it works perfectly, so I am trying not to update to Android 5 or Android 6.

thanks
 

Top Liked Posts

    1
    Can you make a mod for all Samsung devices?

    Sent from my SM-G900T powered by AllianceROM
    and boosted by speedy kernel
    Lollipop

    Sorry, but this is not possible; all the devices use different Stagefright files.
    If you flash it, your ROM will probably not boot.
    1
    Not working for me. Stock Lollipop 5.0.1 :confused:
    I flashed from recovery but it is still vulnerable

    Try the new version posted today and updated to OL1
    1
    You are brilliant. I tried it on my Note 3 N900 running an S6 port and it worked well.

    Sent from my SM-G925F using Tapatalk
    1
    @frozen 27,
    My Note 3 N900 running S6 is "Vulnerable"... how can I fix it, please?
    b24c1428ab5003f8ebca90c474781226.jpg

    Thanks
    http://forum.xda-developers.com/showthread.php?p=65126233

    Sent from my SM-G925F using Tapatalk