CVE-2020-0096 PoC — Android Framework 安全漏洞

Source

https://github.com/liuyun201990/StrandHogg2

Associated Vulnerability

Title:Android Framework 安全漏洞 (CVE-2020-0096)
Description:Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。Framework是其中的一个Android框架组件。 Android 8.0版本、8.1版本和9版本中的Framework存在安全漏洞。攻击者可利用该漏洞提升权限。

Description

PoC of StrandHogg2 (CVE-2020-0096)

Readme

# StrandHogg2
- Poc for StrandHogg2 (CVE-2020-0096)
# Information of the original vulnerability
## Current Description
- In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109
## Severity
- CVSS 3.x Severity and Metrics:
    - Base Score: 7.8 HIGH
    - Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
## References
- https://source.android.com/security/bulletin/2020-05-01

File Snapshot


 [4.0K]  /data/pocs/bc5a4c875ef8d2d7dd01c0443bffaca945774103
├── [4.0K]  app
│   ├── [ 932]  build.gradle
│   ├── [ 751]  proguard-rules.pro
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [ 870]  AndroidManifest.xml
│           ├── [4.0K]  java
│           │   └── [4.0K]  cn
│           │       └── [4.0K]  wrlu
│           │           └── [4.0K]  strandhogg2
│           │               ├── [ 339]  Attack1Activity.java
│           │               ├── [ 339]  Attack2Activity.java
│           │               ├── [1.9K]  MainActivity.java
│           │               └── [ 337]  NormalActivity.java
│           └── [4.0K]  res
│               ├── [4.0K]  drawable
│               │   └── [5.5K]  ic_launcher_background.xml
│               ├── [4.0K]  drawable-v24
│               │   └── [1.7K]  ic_launcher_foreground.xml
│               ├── [4.0K]  layout
│               │   ├── [ 821]  activity_attack1.xml
│               │   ├── [ 822]  activity_attack2.xml
│               │   ├── [ 372]  activity_main.xml
│               │   └── [ 836]  activity_normal.xml
│               ├── [4.0K]  mipmap-anydpi-v26
│               │   ├── [ 272]  ic_launcher_round.xml
│               │   └── [ 272]  ic_launcher.xml
│               ├── [4.0K]  mipmap-hdpi
│               │   ├── [3.5K]  ic_launcher.png
│               │   └── [5.2K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-mdpi
│               │   ├── [2.6K]  ic_launcher.png
│               │   └── [3.3K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-xhdpi
│               │   ├── [4.8K]  ic_launcher.png
│               │   └── [7.3K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-xxhdpi
│               │   ├── [7.7K]  ic_launcher.png
│               │   └── [ 12K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-xxxhdpi
│               │   ├── [ 10K]  ic_launcher.png
│               │   └── [ 16K]  ic_launcher_round.png
│               └── [4.0K]  values
│                   ├── [ 208]  colors.xml
│                   ├── [  74]  strings.xml
│                   └── [ 383]  styles.xml
├── [ 564]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 53K]  gradle-wrapper.jar
│       └── [ 232]  gradle-wrapper.properties
├── [1.0K]  gradle.properties
├── [5.2K]  gradlew
├── [2.1K]  gradlew.bat
├── [ 11K]  LICENSE
├── [ 674]  README.md
└── [  46]  settings.gradle

20 directories, 37 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!