Added CVE-2016-0808 and removed android-vts.iml, app/app.iml

Author: kayji

android-vts.iml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module external.linked.project.id="android-vts" external.linked.project.path="$MODULE_DIR$" external.root.project.path="$MODULE_DIR$" external.system.id="GRADLE" external.system.module.group="" external.system.module.version="unspecified" type="JAVA_MODULE" version="4">
+  <component name="FacetManager">
+    <facet type="java-gradle" name="Java-Gradle">
+      <configuration>
+        <option name="BUILD_FOLDER_PATH" value="$MODULE_DIR$/build" />
+        <option name="BUILDABLE" value="false" />
+      </configuration>
+    </facet>
+  </component>
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_7" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.gradle" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

app/app.iml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<module external.linked.project.id=":app" external.linked.project.path="$MODULE_DIR$" external.root.project.path="$MODULE_DIR$/.." external.system.id="GRADLE" external.system.module.group="androidVTS" external.system.module.version="unspecified" type="JAVA_MODULE" version="4">
+<module external.linked.project.id=":app" external.linked.project.path="$MODULE_DIR$" external.root.project.path="$MODULE_DIR$/.." external.system.id="GRADLE" external.system.module.group="android-vts" external.system.module.version="unspecified" type="JAVA_MODULE" version="4">
   <component name="FacetManager">
     <facet type="android-gradle" name="Android-Gradle">
       <configuration>
@@ -63,49 +63,35 @@
       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/java" isTestSource="true" />
       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/jni" isTestSource="true" />
       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/rs" isTestSource="true" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/assets" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/bundles" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/classes" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/coverage-instrumented-classes" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/dependency-cache" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/dex" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/dex-cache" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/appcompat-v7/23.1.1/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/cardview-v7/23.1.1/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/design/23.1.1/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/recyclerview-v7/23.1.1/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/support-v4/23.1.1/jars" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.github.afollestad.material-dialogs/core/0.8.5.0/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.github.paolorotolo/appintro/3.3.0/jars" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/me.zhanghai.android.materialprogressbar/library/1.1.4/jars" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/incremental" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/jacoco" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/javaResources" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/libs" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/lint" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/manifests" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/ndk" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/pre-dexed" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/proguard" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/res" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/rs" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/symbols" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/io.reactivex/rxandroid/1.0.1/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/outputs" />
       <excludeFolder url="file://$MODULE_DIR$/build/tmp" />
     </content>
     <orderEntry type="jdk" jdkName="Android API 23 Platform" jdkType="Android SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" exported="" name="recyclerview-v7-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="xz-1.2" level="project" />
+    <orderEntry type="library" exported="" name="rxandroid-1.0.1" level="project" />
+    <orderEntry type="library" exported="" name="support-annotations-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="design-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="okhttp-3.0.0-RC1" level="project" />
+    <orderEntry type="library" exported="" name="retrofit-2.0.0-beta3" level="project" />
+    <orderEntry type="library" exported="" name="converter-gson-2.0.0-beta3" level="project" />
     <orderEntry type="library" exported="" name="appintro-3.3.0" level="project" />
     <orderEntry type="library" exported="" name="commons-io-2.4" level="project" />
+    <orderEntry type="library" exported="" name="rxjava-1.1.0" level="project" />
+    <orderEntry type="library" exported="" name="recyclerview-v7-23.1.1" level="project" />
     <orderEntry type="library" exported="" name="support-v4-23.1.1" level="project" />
-    <orderEntry type="library" exported="" name="library-1.1.4" level="project" />
-    <orderEntry type="library" exported="" name="cardview-v7-23.1.1" level="project" />
-    <orderEntry type="library" exported="" name="xz-1.2" level="project" />
-    <orderEntry type="library" exported="" name="support-annotations-23.1.1" level="project" />
     <orderEntry type="library" exported="" name="appcompat-v7-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="okio-1.6.0" level="project" />
+    <orderEntry type="library" exported="" name="adapter-rxjava-2.0.0-beta3" level="project" />
+    <orderEntry type="library" exported="" name="cardview-v7-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="gson-2.4" level="project" />
     <orderEntry type="library" exported="" name="commons-compress-1.5" level="project" />
-    <orderEntry type="library" exported="" name="design-23.1.1" level="project" />
-    <orderEntry type="library" exported="" name="core-0.8.5.0" level="project" />
   </component>
 </module>

app/src/main/assets/vuln_map.json

@@ -1,4 +1,18 @@
 {
+  "CVE-2016-0808": {
+    "cve": "CVE-2016-0808",
+    "altnames": [],
+    "description": "This vulnerability is what is known as a denial-of-service which gives a malicious application or individual the ability to cause continuous rebooting",
+    "impact": "Continuous reboot",
+    "external_links": [
+      "https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b"
+    ],
+    "patch": [
+      "https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b%5E%21/#F0"
+    ],
+    "cvssv2": 4.9,
+    "cvedate": "02/01/2016"
+  },
   "CVE-2015-3636": {
     "cve": "CVE-2015-3636",
     "altnames": [
@@ -531,5 +545,56 @@
              "https://android.googlesource.com/platform%2Fexternal%2Flibavc/+/2ee0c1bced131ffb06d1b430b08a202cd3a52005"
     ],
     "cvedate": "10/12/2015"
+
+  },
+  "CVE-2009-1185": {
+    "cve": "CVE-2009-1185",
+    "altnames": [],
+    "description": "This vulnerability is known as a privilege escalation vulnerability which gives a malicious application or individual the ability to obtain complete access to a vulnerable device. The specific vulnerability resides in a flaw in udev where it does not properly validate the origin of certain messages.",
+    "impact": "Local privilege escalation to kernel/root from an unprivileged app",
+    "external_links": [],
+    "cvssv2": 7.2,
+    "patch": [],
+    "cvedate": "04/17/2009"
+  },
+  "CVE-2012-6422": {
+    "cve": "CVE-2012-6422",
+    "altnames": [],
+    "description": "This vulnerability primarily impacts Samsung Galaxy S2 and S2 Note devices however other devices using an Exynos model 4210 and 4412 processors may also be affected. The vulnerability would allow an attacker or malicious application the ability to gain privileges on the device.",
+    "impact": "Local privilege escalation to kernel/root from an unprivileged app",
+    "external_links": [],
+    "cvssv2": 9.3,
+    "patch": [],
+    "cvedate": "12/17/2012"
+  },
+  "CVE-2011-1350": {
+    "cve": "CVE-2011-1350",
+    "altnames": [],
+    "description": "This vulnerability may allow a malicious application or attacker the ability to retrieve potentially sensitive information from an impacted device’s memory.",
+    "impact": "Local privilege escalation to kernel/root from an unprivileged app",
+    "external_links": [],
+    "cvssv2": 7.1,
+    "patch": [],
+    "cvedate": "02/05/2013"
+  },
+  "CVE-2012-0056": {
+    "cve": "CVE-2012-0056",
+    "altnames": [],
+    "description": "This vulnerability is known as a privilege escalation vulnerability which a gives a malicious application or individual that ability to obtain complete access to a vulnerable device. Note that if your device is running a version of Android that has ALSR enabled (4.1 and above) exploitation of this vulnerability is mitigated.",
+    "impact": "Local privilege escalation to kernel/root from an unprivileged app",
+    "external_links": [],
+    "cvssv2": 6.9,
+    "patch": [],
+    "cvedate": "01/27/2012"
+  },
+  "CVE-2009-2692": {
+    "cve": "CVE-2009-2692",
+    "altnames": [],
+    "description": "This vulnerability is known as a privilege escalation vulnerability which a gives a malicious application or individual that ability to obtain complete access to a vulnerable device.",
+    "impact": "Local privilege escalation to kernel/root from an unprivileged app",
+    "external_links": [],
+    "cvssv2": 7.2,
+    "patch": [],
+    "cvedate": "08/14/2009"
   }
 }

app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/VulnerabilityOrganizer.java

@@ -8,6 +8,7 @@
 import java.util.List;
 
 import fuzion24.device.vulnerability.util.CPUArch;
+import fuzion24.device.vulnerability.vulnerabilities.framework.graphics.CVE_2016_0808;
 import fuzion24.device.vulnerability.vulnerabilities.framework.graphics.GraphicBufferTest;
 import fuzion24.device.vulnerability.vulnerabilities.framework.media.CVE_2015_6602;
 import fuzion24.device.vulnerability.vulnerabilities.framework.media.CVE_2015_6608;
@@ -33,7 +34,10 @@ public class VulnerabilityOrganizer {
 
     //TODO: Maybe add dates to each of these and sort chronologically
     public static List<VulnerabilityTest> getTests(Context ctx){
+
         List<VulnerabilityTest> allTests = new ArrayList<>();
+
+        allTests.add(new CVE_2016_0808());
         allTests.add(new ZipBug9950697());
         allTests.add(new ZipBug8219321());
         allTests.add(new ZipBug9695860());

app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/framework/graphics/CVE_2016_0808.java

@@ -0,0 +1,45 @@
+package fuzion24.device.vulnerability.vulnerabilities.framework.graphics;
+
+import android.content.Context;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import fuzion24.device.vulnerability.util.CPUArch;
+import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
+
+/**
+ * Created by kg on 09/03/16.
+ */
+public class CVE_2016_0808 implements VulnerabilityTest{
+    static {
+        System.loadLibrary("cve-2016-0808");
+    }
+
+    @Override
+    public String getCVEorID() {
+        return "CVE-2016-0808";
+    }
+
+    @Override
+    public boolean isVulnerable(Context context) throws Exception {
+        int checkVal = checkCVE20160808();
+        if(checkVal == 0) {
+            return false;
+        }else if(checkVal == 1) {
+            return true;
+        }else {
+            throw new Exception("Error running test");
+        }
+    }
+
+    @Override
+    public List<CPUArch> getSupportedArchitectures() {
+        ArrayList<CPUArch> archs = new ArrayList<CPUArch>();
+        archs.add(CPUArch.ARM7);
+        archs.add(CPUArch.ARM);
+        return archs;
+    }
+
+    private native int checkCVE20160808();
+}

app/src/main/jni/Android.mk

@@ -227,3 +227,23 @@ LOCAL_C_INCLUDES := $(LOCAL_PATH)/include/
 
 include $(BUILD_EXECUTABLE)
 ################################
+
+################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := cve-2016-0808
+LOCAL_SRC_FILES := cve20160808.c
+
+include $(BUILD_SHARED_LIBRARY)
+################################
+
+################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := cve-2016-0808check
+LOCAL_SRC_FILES := cve20160808.c
+
+include $(BUILD_EXECUTABLE)
+################################
+
+

app/src/main/jni/cve20160808.c

@@ -0,0 +1,49 @@
+#include <jni.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <android/log.h>
+
+int checkIsVulnerable(){
+	FILE *file;
+	long size;
+	uint8_t *buffer;
+	int result;
+	
+
+	file = fopen("/system/lib/libminikin.so", "rb");
+
+	if(file == NULL){
+		result = 0;
+		goto done;	
+	}
+
+	fseek(file, 0, SEEK_END);
+	size = ftell(file);
+	rewind(file);
+
+	buffer = (uint8_t *)malloc(sizeof(char)*size);
+
+	fread(buffer, 1, size, file);
+	uint8_t needle[4] = {0x53, 0x55, 0x55, 0x15};
+
+	uint8_t *p = memmem(buffer, size, needle, 4);
+	if(p)
+		result = 0;
+	else
+		result = 1;
+
+	fclose(file);
+	free(buffer);
+
+done:
+	return result;
+}
+
+JNIEXPORT jint JNICALL Java_fuzion24_device_vulnerability_vulnerabilities_framework_graphics_CVE_12016_10808_checkCVE20160808(JNIEnv *env, jobject obj){
+	return checkIsVulnerable();
+}
+
+int main(void){
+	return checkIsVulnerable();
+}