[Lollipop] Stagefright Vulnerability Fix CVE-2015-6602[Snapdragon][22 Oct]


Kamy

Senior Member
Aug 29, 2012
5,335
19,304
Beijing


Overview

Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device.

Description

According to a Zimperium zLabs blog post, Android's Stagefright engine contains multiple vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device. This vulnerability may at least partially affect all versions of Android starting from 2.2 (Froyo) and prior to 5.1.1_r9 (Lollipop).
An attacker with a victim's cell phone number may send maliciously crafted multimedia messages (MMS) which may be improperly parsed by the Stagefright tool. Other attack vectors may be possible.
According to Ars Technica, "successful exploits at the very least provide direct access to a phone's audio and camera feeds and to the external storage ... many older phones grant elevated system privileges to Stagefright code, a design that could allow attackers access to many more device resources."
Zimperium has released more information on these vulnerabilities, including a proof of concept code, patches, a video demoing the exploit and an Android app that detects the vulnerability.


The vulnerabilities include:
Code:
1.CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution
2.CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution
3.CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution
4.CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution
5.CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution
6.CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution
7.CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread
8.CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution
9.CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution
10.CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution

Since integer overflow is a type of memory error, Address Space Layout Randomization (ASLR) appears to partially mitigate this issue; Forbes reports that Android before 4.1 (Jelly Bean) have "inadequate exploit mitigations." ASLR was introduced in Android 4.0 and fully enabled in Android 4.1.

Impact
A remote attacker may be able to execute code on the Android device.

Solution
  • Apply an update
or
  • Flash attached fix
Download (CVE-2015-6602)
PLEASE MAKE A BACKUP before flashing.

Device Compatibility:
The latest fix works only on Note 3 Snapdragon running Lollipop.

This fix has been tested successfully on the following (Snapdragon, ARM) devices:
Note 3
Note 4
S5 (Snapdragon)
S6 (port only)
Note Edge

Seems no luck for the following devices:
S5 - 900H (Exynos)
S6

S4 (I9505): see here


Now you can test your device's vulnerability using either of these apps: Stagefright Detector App or Stagefright Detector

Vulnerable

2zs1qaq.jpg



Vulnerable (the Stagefright Detector app still shows the vulnerability issue after the update)

ornzva.jpg



Patch Fix for CVE-2015-3864

r79f15.jpg



Patch Fix for CVE-2015-6602

vduaf.jpg



Source: zimperium
Thanks @cantenna for finding the proper libs for the CVE-2015-6602 patch.
 
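To make the "MP4 atom integer overflow" bug class in the list above concrete, here is an added C example. It is not part of the post, not one of the attached fixes, and not taken from AOSP's Stagefright sources: it parses a simplified 'stsc'-style atom (an 8-byte header whose last four bytes are a big-endian entry count, followed by 12-byte entries, a layout assumed for illustration) once the unchecked way and once with the bounds checks a fix needs. The function names, the result struct and both sample atoms are constructed for this example.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STSC_HDR   8u   /* version(1) + flags(3) + entry_count(4), assumed layout */
#define ENTRY_SIZE 12u  /* first_chunk, samples_per_chunk, sample_description_index */

/* Sizes the unchecked parser would work with. Nothing is really allocated
 * or written here, so the mismatch can be observed without crashing. */
typedef struct {
    uint32_t count;         /* entry count as declared by the file */
    uint32_t alloc_bytes;   /* what 32-bit count * ENTRY_SIZE yields */
    uint64_t copy_bytes;    /* what the copy loop would actually walk */
    int      heap_overflow; /* 1 when copy_bytes > alloc_bytes */
} stsc_sizes;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The bug class: an allocation size computed in 32-bit arithmetic (size_t
 * on 32-bit ARM) straight from an attacker-controlled count, so it wraps. */
stsc_sizes stsc_sizes_unchecked(const uint8_t *atom, size_t len) {
    stsc_sizes r = {0, 0, 0, 0};
    if (len < STSC_HDR) return r;
    r.count         = be32(atom + 4);
    r.alloc_bytes   = r.count * ENTRY_SIZE;            /* wraps modulo 2^32 */
    r.copy_bytes    = (uint64_t)r.count * ENTRY_SIZE;  /* true byte count */
    r.heap_overflow = r.copy_bytes > r.alloc_bytes;
    return r;
}

/* Hardened parser: bound the count before multiplying, require the declared
 * entries to actually be present in the atom, and respect the caller's
 * buffer. Writes 3 uint32_t per entry into out; returns the count or -1. */
long stsc_parse_checked(const uint8_t *atom, size_t len,
                        uint32_t *out, size_t out_cap_entries) {
    if (len < STSC_HDR) return -1;
    uint32_t count = be32(atom + 4);
    if (count > (UINT32_MAX - STSC_HDR) / ENTRY_SIZE) return -1;  /* would wrap */
    uint64_t need = STSC_HDR + (uint64_t)count * ENTRY_SIZE;
    if (need > len) return -1;                 /* atom shorter than it claims */
    if (count > out_cap_entries) return -1;    /* caller's buffer too small */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = atom + STSC_HDR + (size_t)i * ENTRY_SIZE;
        out[i * 3 + 0] = be32(e);
        out[i * 3 + 1] = be32(e + 4);
        out[i * 3 + 2] = be32(e + 8);
    }
    return (long)count;
}

/* Constructed sample atoms (not taken from any real file). */
static const uint8_t benign_stsc[] = {
    0, 0, 0, 0,                            /* version + flags */
    0, 0, 0, 2,                            /* entry_count = 2 */
    0, 0, 0, 1,  0, 0, 0, 4,  0, 0, 0, 1,  /* entry 1 */
    0, 0, 0, 5,  0, 0, 0, 2,  0, 0, 0, 1,  /* entry 2 */
};
/* entry_count = 0x15555556: times 12 is 0x100000008, which wraps to 8 in
 * 32-bit arithmetic. An unchecked parser would allocate 8 bytes and then
 * walk about 4 GiB of "entries" that are not even present in the atom. */
static const uint8_t evil_stsc[] = {
    0, 0, 0, 0,
    0x15, 0x55, 0x55, 0x56,
};

static uint32_t scratch[2 * 3];  /* room for two parsed entries */

int main(void) {
    stsc_sizes s = stsc_sizes_unchecked(evil_stsc, sizeof evil_stsc);
    printf("unchecked: count=%" PRIu32 " alloc=%" PRIu32
           " copy=%" PRIu64 " overflow=%d\n",
           s.count, s.alloc_bytes, s.copy_bytes, s.heap_overflow);
    printf("checked benign: %ld entries\n",
           stsc_parse_checked(benign_stsc, sizeof benign_stsc, scratch, 2));
    printf("checked evil:   %ld\n",
           stsc_parse_checked(evil_stsc, sizeof evil_stsc, scratch, 2));
    return 0;
}
```

The point to take from it: on a 32-bit ARM build, `count * sizeof(entry)` used directly as an allocation size wraps exactly as `alloc_bytes` does here, while the copy loop trusts `count` and writes far past the buffer. The fix is not just "use a bigger type" but to reject counts that would wrap before multiplying and to check the declared size against the bytes actually present in the atom; the same shape applies to the other table atoms (ctts, stts, stss, tx3g) in the list.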

and2

Senior Member
Sep 25, 2008
1,612
1,200
Halle
Overview

Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device.

Thank you mate, it also works on OD6.
 

thereassaad

Recognized Contributor
Aug 22, 2013
7,620
9,713
Bierut
Kmokhtar79, how do you say it's working on S6? It gives me a bootloop here on my S6, mate.

Sorry, but this is what happened here. Anyway, I found a fix for it, thanks ...

Sent from my SM-G925F using Tapatalk
 

Kamy

Senior Member
Aug 29, 2012
5,335
19,304
Beijing
Kmokhtar79, how do you say it's working on S6? It gives me a bootloop here on my S6, mate.

Sorry, but this is what happened here. Anyway, I found a fix for it, thanks ...

Sent from my SM-G925F using Tapatalk
According to post 4, I guess that couldn't provide enough proof that it would also work on S6, as it uses arm64. I will edit the OP.

Sent from my SM-N9005 using Tapatalk
 

Top Liked Posts

(14 likes)
I made this complete Stagefright fix. So far I have only tested it on N900TUVUFOB6; it should work on other Note 3 Snapdragon-based devices.
Download HERE
Flash at your own risk.

Screenshot is from the latest Stagefright Detector.
(9 likes)
Success!!! FIX FOR I9505 LOLLIPOP STOCK ROMS!!!

Here you go :)

http://www.mediafire.com/?9n2mi199oyrmm8c

Can it be added to the OP, please?
Thanks ;)
(9 likes)
OP updated.

The latest patch fix for the CVE-2015-1538 vulnerability in Android's media library has been added; the libs are taken from the latest firmware N9005XXUGBOI8 for the Samsung Galaxy Note 3 9005.
Thanks @cantenna
(8 likes)
Patch updated to fix the leftover vulnerability issue.
Thanks @mastergrillo

r79f15.jpg