About: Stagefright (bug)

Facets (new session)
Description
Metadata
Settings
- Rule:
- Inverse Functional Properties:
- "Same As":

About: Stagefright (bug) Goto Sponge NotDistinct Permalink

An Entity of Type : owl:Thing, within Data Space : dbpedia.demo.openlinksw.com associated with source document(s)
QRcode icon

http://dbpedia.demo.openlinksw.com/describe/?url=http%3A%2F%2Fdbpedia.org%2Fresource%2FStagefright_%28bug%29

Stagefright is the name given to a group of software bugs that affect versions from 2.2 "Froyo" up until 5.1.1 "Lollipop" of the Android operating system exposing an estimated 950 million devices (95% of all Android devices) at the time. The name is taken from the affected library, which among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. Security researchers demonstrate the bugs with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the back

Attributes	Values
rdfs:label	Stagefright (ca) Stagefright (cs) Stagefright (Sicherheitslücke) (de) Stagefright (vulnérabilité) (fr) 스테이지프라이트 (ko) Stagefright (pl) Stagefright (bug) (en) Stagefright漏洞 (zh)
rdfs:comment	Stagefright je v informatice souhrnný název pro skupinu softwarových chyb, které mají vliv na bezpečnost OS Android. Potenciální útočník může získat kontrolu nad zařízením (mobilním telefonem, tabletem) pomocí speciálně upraveného MP4 videa, případně MP3 nahrávky. Chyba se vyskytla v knihovně libutils a libstagefright, podle které také získala název. (cs) Stagefright (englisch für „Lampenfieber“) bezeichnet mehrere im Juli 2015 bekannt gewordene Sicherheitslücken im gleichnamigen Multimedia-Framework des Betriebssystems Android von Google. (de) Stagefright (effroi) est une faille logicielle affectant la bibliothèque logicielle multimédia Stagefright, exploitable à distance, trouvé dans plusieurs appareils et classé comme vulnérabilité dans le système d'exploitation Android. Cette vulnérabilité est également présente sur d'autres systèmes qui exploitent également cette bibliothèque logicielle, comme les consoles de jeu Nintendo Wii U et la New Nintendo 3DS, par exemple. (fr) 스테이지프라이트(Stagefright)는 2.2버전에서부터 그 이후까지의 안드로이드 운영 체제에서 원격으로 조종되어 취약점 공격을 받을 수 있는 소프트웨어 버그이다.이 버그는 공격자가 안드로이드 기기를 공격할 때, 공격자가 악성 코드를 희생자의 안드로이드 기기에 심어 원격 작업을 가능하게 한다. 유용성 증명이 함께 쓰여진 버그를 이용하여 안드로이드 필수 요소중 하나인 "스테이지 프라이트"라는 멀티미디어 라이브러리를 공격하면, 악성코드가 심어진 MMS 메시지를 기기에 보내고 악성코드를 심을 수 있게 된다. 이 과정에서 은 메시지를 받는데 전혀 필요하지 않아 사용자는 알 수 없으며, 이런 타겟팅에 필요한 정보는 오직 핸드폰 번호뿐이다. 밝혀진 보안 취약점들은 CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829 그리고 CVE-2015-3864 (후자는 나중에 배정되었음)이며, 이들을 통틀어 스테이지 프라이트라고 부른다. (ko) Stagefright漏洞是一个影响安卓操作系统的远程代码执行漏洞。这个漏洞存在于Android 2.2及以上版本。这个漏洞由于触发条件简单而备受关注。攻击者只需给被攻击对象发送一条精心设计的彩信，即可控制整个手机，之后可以删除之前发送的彩信，使用户无法轻易察觉被攻击。这个漏洞由以色列移动信息安全公司安全公司的发现。Stagefright系列漏洞影响之大，危害之大，堪称移动界的“心脏滴血”。这个漏洞于2015年4月报告给了Google。2015年8月5日，漏洞作者将在美国黑帽大会上详细讲解此漏洞。这个漏洞共有7个CVE编号：CVE-2015-1538、CVE-2015-1539、CVE-2015-3824、CVE-2015-3826、CVE-2015-3827、CVE-2015-3828、CVE-2015-3829。 (zh) Stagefright és un error de programari explotable de manera remota que afecta les versions del sistema operatiu Android a partir de la 2.2 ("Froyo"), i permet a un atacant fer operacions arbitràries al dispositiu víctima a través de l'execució remota de codi i una escalada de privilegis. Els investigadors de seguretat informàtica demostren l'error de programari amb una prova de concepte que envia missatges MMS dissenyats de manera especial al dispositiu víctima i en la majoria dels casos no requereix cap acció de l'usuari consumidor per tenir èxit a la recepció del missatge, utilitzant el número de telèfon com a única informació de l'objectiu. (ca) Stagefright is the name given to a group of software bugs that affect versions from 2.2 "Froyo" up until 5.1.1 "Lollipop" of the Android operating system exposing an estimated 950 million devices (95% of all Android devices) at the time. The name is taken from the affected library, which among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. Security researchers demonstrate the bugs with a proof of concept that sends specially crafted MMS messages to the victim device and in most cases requires no end-user actions upon message reception to succeed—the user doesn't have to do anything to 'accept' exploits using the bug; it happens in the back (en) Stagefright – błąd w systemie Android umożliwiający zdalne wykonywanie kodu na zaatakowanym urządzeniu. Błąd dotyczy systemu Android w wersjach 2.2 i nowszych. Do przedstawienia idei ataku wykorzystano specjalnie przygotowany MMS wysłany na atakowane urządzenie. Tak wykonany atak nie wymaga żadnej czynności od użytkownika końcowego, a do jego wykonania potrzebna jest jedynie znajomość numeru telefonu. Do ataku wykorzystywane są luki w bibliotece „Stagefright” odpowiedzialnej za odtwarzanie i nagrywanie multimediów. Szacunki mówią o blisko miliardzie urządzeń narażonych na atak tego typu. (pl)
foaf:depiction
dcterms:subject	Android (operating system) Software bugs Computer security exploits 2015 in computing
Wikipage page ID	47364085 (xsd:integer)
Wikipage revision ID	1094474846 (xsd:integer)
Link from a Wikipage to another Wikipage	Hacker (computer security) Android device Arbitrary code execution Bugfix Integer overflow Android (operating system) Computer security Original equipment manufacturer Vulnerability (computing) Software bugs Google Google Hangouts Computer security exploits Android (operating system) Android Cupcake Android Froyo Android Ice Cream Sandwich Android Jelly Bean Android Lollipop Android Open Source Project Android version history Computer security conference Full disclosure (computer security) Patch (computing) Proof of concept C++ Address space layout randomization 2015 in computing Web browser Heap overflow DEF CON Source code End-user Privilege escalation Remote code execution Attack vector Black Hat Briefings Codebase Codec Text message Zero-day vulnerability Open-source Operating system CVE identifier Software bug Wireless carrier MP4 Multimedia Messaging Service Firmware Zimperium Vulnerability mitigation Repository (revision control) Software library dbr:Constrained_sandbox
Link from a Wikipage to an external page	http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html https://android.googlesource.com/platform/frameworks/av/+/030d8d0%5E!/ https://android.googlesource.com/platform/frameworks/av/+/0e4e5a8%5E!/ https://android.googlesource.com/platform/frameworks/av/+/5c134e6%5E!/ https://www.exploit-db.com/platform/%3Fp=android https://github.com/NorthBit/Metaphor https://cve.mitre.org/cgi-bin/cvename.cgi%3Fname=CVE-2020-8899
sameAs	Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug) Stagefright (bug)
dbp:wikiPageUsesTemplate	dbt:Infobox_bug dbt:CVE dbt:Anchor dbt:Android dbt:As_of

Faceted Search & Find service v1.17_git139 as of Feb 29 2024

Alternative Linked Data Documents: ODE Content Formats:

RDF

ODATA

Microdata

About

OpenLink Virtuoso version 08.03.3330 as of Mar 19 2024, on Linux (x86_64-generic-linux-glibc212), Single-Server Edition (378 GB total memory, 67 GB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2024 OpenLink Software