[Snort-sigs] StageFright rules possible?

Strnad Dominik dominik.strnad at ...4068...
Thu Aug 20 12:44:07 EDT 2015


Hello all,
I do work for mobile operator and we take Android StageFright vulnerability really seriously. We are trying to find some flexible long term solution, so we can handle such a threats in future. We are as well afraid, that for many Android devices, there will never be OTA update available to patch StageFright. :-(

As Mpeg4 container is a ‘’bit’’ complicated structure I am not sure, if Snort rules could cover StageFright multiple buffers over/under flows described in corresponding CVEs. It is even more challenging as WAP or HTTP protocols could be used to deliver this vulnerability in MIME encoded MP4 attachment. So my question is, is it doable? Thank you. ☺

Some useful links:
http://translate.wooyun.io/2015/08/08/Stagefright-Vulnerability-Disclosure.html
http://xhelmboyx.tripod.com/formats/mp4-layout.txt

Kind regards
Dominik Strnad


Zásady komunikace, které společnost T-Mobile Czech Republic a.s. užívá při sjednávání smluv, jsou uvedeny zde<http://www.t-mobile.cz/dcpublic/Zasady_komunikace_pri_sjednavani_smluv_cz.pdf>. Není-li v zásadách uvedeno jinak, nepředstavuje tato zpráva konečný návrh na uzavření či změnu smlouvy ani přijetí takového návrhu. The communication principles which T-Mobile Czech Republic a.s. applies when negotiating contracts are defined here<http://www.t-mobile.cz/dcpublic/Zasady_komunikace_pri_sjednavani_smluv_en.pdf>. Unless otherwise stated in the principles, this message does not constitute the final offer to contract or an amendment of a contract or acceptance of such offer.


More information about the Snort-sigs mailing list