Stagefright (bug)

In computing, Stagefright is the collective name for a group of software bugs that affect the security of the Android OS. A potential attacker can gain control of a device (mobile phone, tablet) by means of a specially crafted MP4 video or, alternatively, an MP3 recording. The bug occurred in the libutils and libstagefright libraries, from which it also takes its name.

Property Value
dbo:abstract Stagefright is a remotely exploitable software bug that affects versions of the Android operating system from 2.2 ("Froyo") onward, and allows an attacker to perform arbitrary operations on the victim device through remote code execution and privilege escalation. Security researchers demonstrate the bug with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no action by the end user upon message reception to succeed, using the phone number as the only information about the target. The underlying attack vector exploits certain arithmetic overflow vulnerabilities in the Android core component called "Stagefright" (internally, the library is referred to as libstagefright), which is a complex software library implemented primarily in C++ as part of the Android Open Source Project (AOSP) and used as a backend engine for playing various multimedia formats such as MP4. The bug has been assigned numerous CVE identifiers (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829), which are collectively referred to as the Stagefright bug. (ca)
In computing, Stagefright is the collective name for a group of software bugs that affect the security of the Android OS. A potential attacker can gain control of a device (mobile phone, tablet) by means of a specially crafted MP4 video or, alternatively, an MP3 recording. The bug occurred in the libutils and libstagefright libraries, from which it also takes its name. (cs)
Stagefright (English for "Lampenfieber", that is, stage fright) refers to several security vulnerabilities, disclosed in July 2015, in the multimedia framework of the same name in Google's Android operating system. (de)
Stagefright ("fright") is a remotely exploitable software flaw affecting the Stagefright multimedia software library, found in several devices and classified as a vulnerability in the Android operating system. This vulnerability is also present on other systems that use this software library, such as the Nintendo Wii U and New Nintendo 3DS game consoles, for example. (fr)
Stagefright is the name given to a group of software bugs that affect versions from 2.2 "Froyo" up until 5.1.1 "Lollipop" of the Android operating system exposing an estimated 950 million devices (95% of all Android devices) at the time. The name is taken from the affected library, which, among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. Security researchers demonstrate the bugs with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the background. A phone number is the only information needed to carry out the attack. The underlying attack vector exploits certain integer overflow vulnerabilities in the Android core component called libstagefright, which is a complex software library implemented primarily in C++ as part of the Android Open Source Project (AOSP) and used as a backend engine for playing various multimedia formats such as MP4 files. The discovered bugs have been provided with multiple Common Vulnerabilities and Exposures (CVE) identifiers, CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829 and CVE-2015-3864 (the latter one has been assigned separately from the others), which are collectively referred to as the Stagefright bug. (en)
Stagefright is a software bug in the Android operating system, from version 2.2 onward, that can be exploited remotely. When an attacker attacks an Android device, this bug lets the attacker plant malicious code on the victim's Android device and carry out operations remotely. By using the bug, which was published together with a proof of concept, to attack the multimedia library called "Stagefright", one of Android's core components, an attacker can send an MMS message carrying malicious code to the device and plant that code. In this process […] is not needed at all for the message to be received, so the user cannot tell, and the only information needed for such targeting is the phone number. The identified security vulnerabilities are CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829 and CVE-2015-3864 (the last one was assigned later), and they are collectively called Stagefright. (ko)
Stagefright is a bug in the Android system that allows remote code execution on the attacked device. The bug affects Android versions 2.2 and later. A specially crafted MMS sent to the targeted device was used to demonstrate the attack concept. An attack carried out this way requires no action from the end user, and only knowledge of the phone number is needed to carry it out. The attack exploits flaws in the "Stagefright" library, which is responsible for playing and recording multimedia. Estimates speak of nearly a billion devices exposed to this type of attack. The Stagefright bug was discovered by Joshua Drake of a security company and was publicly announced on 27 July 2015, while information about the bug was passed to Google in April 2015. (pl)
The Stagefright vulnerability is a remote code execution vulnerability affecting the Android operating system. It exists in Android 2.2 and later versions. The vulnerability drew wide attention because it is so easy to trigger. An attacker only needs to send the target a carefully crafted MMS message to take control of the entire phone, and can then delete the previously sent MMS so that the user cannot easily notice the attack. This vulnerability was discovered by […] of the Israeli mobile information security company […]. The impact and harm of the Stagefright family of vulnerabilities are so great that it can be called the "Heartbleed" of the mobile world. The vulnerability was reported to Google in April 2015. On August 5, 2015, the vulnerability's discoverer will explain it in detail at the Black Hat conference in the United States. The vulnerability has seven CVE identifiers in total: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. (zh)
dbo:thumbnail wiki-commons:Special:FilePath/Stagefright_bug_logo.png?width=300
dbo:wikiPageExternalLink http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html https://android.googlesource.com/platform/frameworks/av/+/030d8d0%5E!/ https://android.googlesource.com/platform/frameworks/av/+/0e4e5a8%5E!/ https://android.googlesource.com/platform/frameworks/av/+/5c134e6%5E!/ https://www.exploit-db.com/platform/%3Fp=android https://github.com/NorthBit/Metaphor https://cve.mitre.org/cgi-bin/cvename.cgi%3Fname=CVE-2020-8899
dbo:wikiPageID 47364085 (xsd:integer)
dbo:wikiPageLength 18642 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID 1094474846 (xsd:integer)
dbo:wikiPageWikiLink dbr:Hacker_(computer_security) dbr:Android_device dbr:Arbitrary_code_execution dbr:Bugfix dbr:Integer_overflow dbc:Android_(operating_system) dbr:Computer_security dbr:Original_equipment_manufacturer dbr:Vulnerability_(computing) dbc:Software_bugs dbr:Google dbr:Google_Hangouts dbc:Computer_security_exploits dbr:Android_(operating_system) dbr:Android_Cupcake dbr:Android_Froyo dbr:Android_Ice_Cream_Sandwich dbr:Android_Jelly_Bean dbr:Android_Lollipop dbr:Android_Open_Source_Project dbr:Android_version_history dbr:Computer_security_conference dbr:Full_disclosure_(computer_security) dbr:Patch_(computing) dbr:Proof_of_concept dbr:C++ dbr:Address_space_layout_randomization dbc:2015_in_computing dbr:Web_browser dbr:Heap_overflow dbr:DEF_CON dbr:Source_code dbr:End-user dbr:Privilege_escalation dbr:Remote_code_execution dbr:Attack_vector dbr:Black_Hat_Briefings dbr:Codebase dbr:Codec dbr:Text_message dbr:Zero-day_vulnerability dbr:Open-source dbr:Operating_system dbr:CVE_identifier dbr:Software_bug dbr:Wireless_carrier dbr:MP4 dbr:Multimedia_Messaging_Service dbr:Firmware dbr:Zimperium dbr:Vulnerability_mitigation dbr:Repository_(revision_control) dbr:Software_library dbr:Constrained_sandbox
dbp:affectedSoftware Android 1.5 "Cupcake" to Android 5.1 "Lollipop" (en) Android 2.2 "Froyo" and later , (en)
dbp:caption Logo of the Stagefright library bug (en)
dbp:cve , (en)
dbp:discovered 2015-07-27 (xsd:date)
dbp:discoverer Joshua Drake (en)
dbp:id PxQc5gOHnKs (en)
dbp:patched 2015-08-03 (xsd:date)
dbp:title Stagefright demo by zLabs (en)
dbp:wikiPageUsesTemplate dbt:Infobox_bug dbt:CVE dbt:Anchor dbt:Android dbt:As_of dbt:Mono dbt:Reflist dbt:Short_description dbt:Snd dbt:Start_date_and_age dbt:Use_mdy_dates dbt:Wikiversity dbt:YouTube dbt:Hacking_in_the_2010s dbt:Malware
dcterms:subject dbc:Android_(operating_system) dbc:Software_bugs dbc:Computer_security_exploits dbc:2015_in_computing
gold:hypernym dbr:Name
rdfs:comment In computing, Stagefright is the collective name for a group of software bugs that affect the security of the Android OS. A potential attacker can gain control of a device (mobile phone, tablet) by means of a specially crafted MP4 video or, alternatively, an MP3 recording. The bug occurred in the libutils and libstagefright libraries, from which it also takes its name. (cs)
Stagefright (English for "Lampenfieber", that is, stage fright) refers to several security vulnerabilities, disclosed in July 2015, in the multimedia framework of the same name in Google's Android operating system. (de)
Stagefright ("fright") is a remotely exploitable software flaw affecting the Stagefright multimedia software library, found in several devices and classified as a vulnerability in the Android operating system. This vulnerability is also present on other systems that use this software library, such as the Nintendo Wii U and New Nintendo 3DS game consoles, for example. (fr)
Stagefright is a software bug in the Android operating system, from version 2.2 onward, that can be exploited remotely. When an attacker attacks an Android device, this bug lets the attacker plant malicious code on the victim's Android device and carry out operations remotely. By using the bug, which was published together with a proof of concept, to attack the multimedia library called "Stagefright", one of Android's core components, an attacker can send an MMS message carrying malicious code to the device and plant that code. In this process […] is not needed at all for the message to be received, so the user cannot tell, and the only information needed for such targeting is the phone number. The identified security vulnerabilities are CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829 and CVE-2015-3864 (the last one was assigned later), and they are collectively called Stagefright. (ko)
The Stagefright vulnerability is a remote code execution vulnerability affecting the Android operating system. It exists in Android 2.2 and later versions. The vulnerability drew wide attention because it is so easy to trigger. An attacker only needs to send the target a carefully crafted MMS message to take control of the entire phone, and can then delete the previously sent MMS so that the user cannot easily notice the attack. This vulnerability was discovered by […] of the Israeli mobile information security company […]. The impact and harm of the Stagefright family of vulnerabilities are so great that it can be called the "Heartbleed" of the mobile world. The vulnerability was reported to Google in April 2015. On August 5, 2015, the vulnerability's discoverer will explain it in detail at the Black Hat conference in the United States. The vulnerability has seven CVE identifiers in total: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. (zh)
Stagefright is a remotely exploitable software bug that affects versions of the Android operating system from 2.2 ("Froyo") onward, and allows an attacker to perform arbitrary operations on the victim device through remote code execution and privilege escalation. Security researchers demonstrate the bug with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no action by the end user upon message reception to succeed, using the phone number as the only information about the target. (ca)
Stagefright is the name given to a group of software bugs that affect versions from 2.2 "Froyo" up until 5.1.1 "Lollipop" of the Android operating system exposing an estimated 950 million devices (95% of all Android devices) at the time. The name is taken from the affected library, which, among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. Security researchers demonstrate the bugs with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the back (en)
Stagefright is a bug in the Android system that allows remote code execution on the attacked device. The bug affects Android versions 2.2 and later. A specially crafted MMS sent to the targeted device was used to demonstrate the attack concept. An attack carried out this way requires no action from the end user, and only knowledge of the phone number is needed to carry it out. The attack exploits flaws in the "Stagefright" library, which is responsible for playing and recording multimedia. Estimates speak of nearly a billion devices exposed to this type of attack. (pl)
rdfs:label Stagefright (ca) Stagefright (cs) Stagefright (Sicherheitslücke) (de) Stagefright (vulnérabilité) (fr) 스테이지프라이트 (ko) Stagefright (pl) Stagefright (bug) (en) Stagefright漏洞 (zh)
owl:sameAs yago-res:Stagefright (bug) wikidata:Stagefright (bug) dbpedia-ca:Stagefright (bug) dbpedia-cs:Stagefright (bug) dbpedia-de:Stagefright (bug) dbpedia-fr:Stagefright (bug) dbpedia-he:Stagefright (bug) dbpedia-ko:Stagefright (bug) dbpedia-pl:Stagefright (bug) dbpedia-zh:Stagefright (bug) https://global.dbpedia.org/id/z62H
prov:wasDerivedFrom wikipedia-en:Stagefright_(bug)?oldid=1094474846&ns=0
foaf:depiction wiki-commons:Special:FilePath/Stagefright_bug_logo.png
foaf:isPrimaryTopicOf wikipedia-en:Stagefright_(bug)
is dbo:wikiPageRedirects of dbr:Android_Stagefright dbr:CVE-2015-1538 dbr:CVE-2015-1539 dbr:CVE-2015-3824 dbr:CVE-2015-3826 dbr:CVE-2015-3827 dbr:CVE-2015-3828 dbr:CVE-2015-3829 dbr:CVE-2015-3864 dbr:CVE-2015-6602 dbr:Android_MMS_vulnerabilities dbr:Zimperium_Handset_Alliance dbr:Stagefright_(library) dbr:Stagefright_(software_library) dbr:Libstagefright dbr:Stagefright_(software_bug)
is dbo:wikiPageWikiLink of dbr:Android_Stagefright dbr:Android_Nougat dbr:Stage_fright_(disambiguation) dbr:CVE-2015-1538 dbr:CVE-2015-1539 dbr:CVE-2015-3824 dbr:CVE-2015-3826 dbr:CVE-2015-3827 dbr:CVE-2015-3828 dbr:CVE-2015-3829 dbr:CVE-2015-3864 dbr:CVE-2015-6602 dbr:Firefox_OS dbr:GoWarrior dbr:Android_MMS_vulnerabilities dbr:Zimperium_Handset_Alliance dbr:Stagefright_(library) dbr:Stagefright_(software_library) dbr:Nexus_6 dbr:Nexus_7_(2013) dbr:Zimperium dbr:Libstagefright dbr:Stagefright_(software_bug)
is foaf:primaryTopic of wikipedia-en:Stagefright_(bug)