CVE-2016-0846 PoC — Android IMemory Native Interface 提权漏洞

Source

https://github.com/secmob/CVE-2016-0846

Associated Vulnerability

Title:Android IMemory Native Interface 提权漏洞 (CVE-2016-0846)
Description:Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。IMemory Native Interface是其中的一个使用了Ashmem（匿名共享内存驱动）的内存共享接口。 Android的IMemory Native Interface中的libs/binder/IMemory.cpp文件存在提权漏洞。本地攻击者可借助特制的应用程序利用该漏洞在提权的系统应用上下文中执行任意代码。以下版本受到影响：Android 4.4.4之前版本，5.0

Description

arbitrary memory read/write by IMemroy OOB

File Snapshot


 [4.0K]  /data/pocs/87836252766862a1983a80a1a547a96620ef6f05
├── [ 740]  Android.mk
├── [  62]  READMD.md
└── [3.9K]  service.cpp

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!