CVE-2015-6612 PoC — Android libmedia 权限许可和访问控制漏洞

Source

https://github.com/secmob/CVE-2015-6612

Associated Vulnerability

Title:Android libmedia 权限许可和访问控制漏洞 (CVE-2015-6612)
Description:Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。libmedia是其中的一个多媒体函数库组件。 Android 5.1.1及之前版本和6.0版本的libmedia中存在安全漏洞。攻击者可借助特制的应用程序利用该漏洞获取权限。

Readme

# CVE-2015-6612
The detail of the vulnerability please refer to description.pdf 
My sad story about this bug:
I repoted this issue to ZDI last March, at the beginning, they said they couldn't reproduce it in the latest Android, after half a month comunication, they decided not to pursue acquisition of the bug.
Holded this bug for a long time, and I reported it to Google at Aug 21, 2015, but it become a duplicated issue. 
https://code.google.com/p/android/issues/detail?id=183414
the funny thing is it's duplicated with the issue reported at Aug 23, 2015, which is ANDROID-23540426 
https://groups.google.com/forum/#!topic/android-security-updates/GwZn7sixask
I don't know how the hell Google calculated the data, just release the PoC for fun.

File Snapshot


 [4.0K]  /data/pocs/966095d020248319d82907d5fe697f346f38886f
├── [250K]  description.pdf
├── [4.0K]  poc
│   ├── [ 740]  Android.mk
│   ├── [3.9K]  service.cpp
│   └── [ 409]  test.sh
└── [ 748]  README.md

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!