CVE-2016-6564
Summary
| CVE | CVE-2016-6564 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-13 20:29:00 UTC |
| Updated | 2019-10-09 23:19:00 UTC |
| Description | Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0 |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Beeline | Pro 2 | - | All | All | All |
| Hardware | Beeline | Pro 2 | - | All | All | All |
| Operating System | Beeline | Pro 2 Firmware | - | All | All | All |
| Operating System | Beeline | Pro 2 Firmware | - | All | All | All |
| Hardware | Bluproducts | Studio 6.0 Hd | - | All | All | All |
| Hardware | Bluproducts | Studio 6.0 Hd | - | All | All | All |
| Operating System | Bluproducts | Studio 6.0 Hd Firmware | - | All | All | All |
| Operating System | Bluproducts | Studio 6.0 Hd Firmware | - | All | All | All |
| Hardware | Bluproducts | Studio C Hd | - | All | All | All |
| Hardware | Bluproducts | Studio C Hd | - | All | All | All |
| Operating System | Bluproducts | Studio C Hd Firmware | - | All | All | All |
| Operating System | Bluproducts | Studio C Hd Firmware | - | All | All | All |
| Hardware | Bluproducts | Studio G | - | All | All | All |
| Hardware | Bluproducts | Studio G | - | All | All | All |
| Operating System | Bluproducts | Studio G Firmware | - | All | All | All |
| Operating System | Bluproducts | Studio G Firmware | - | All | All | All |
| Hardware | Bluproducts | Studio G Plus | - | All | All | All |
| Hardware | Bluproducts | Studio G Plus | - | All | All | All |
| Operating System | Bluproducts | Studio G Plus Firmware | - | All | All | All |
| Operating System | Bluproducts | Studio G Plus Firmware | - | All | All | All |
| Hardware | Bluproducts | Studio X | - | All | All | All |
| Hardware | Bluproducts | Studio X | - | All | All | All |
| Operating System | Bluproducts | Studio X Firmware | - | All | All | All |
| Operating System | Bluproducts | Studio X Firmware | - | All | All | All |
| Hardware | Bluproducts | Studio X Plus | - | All | All | All |
| Hardware | Bluproducts | Studio X Plus | - | All | All | All |
| Operating System | Bluproducts | Studio X Plus Firmware | - | All | All | All |
| Operating System | Bluproducts | Studio X Plus Firmware | - | All | All | All |
| Hardware | Doogee | Voyager 2 Dg310i | - | All | All | All |
| Hardware | Doogee | Voyager 2 Dg310i | - | All | All | All |
| Operating System | Doogee | Voyager 2 Dg310i Firmware | - | All | All | All |
| Operating System | Doogee | Voyager 2 Dg310i Firmware | - | All | All | All |
| Hardware | Iku-mobile | Colorful K45i | - | All | All | All |
| Hardware | Iku-mobile | Colorful K45i | - | All | All | All |
| Operating System | Iku-mobile | Colorful K45i Firmware | - | All | All | All |
| Operating System | Iku-mobile | Colorful K45i Firmware | - | All | All | All |
| Hardware | Infinixauthority | Hot 2 X510 | - | All | All | All |
| Hardware | Infinixauthority | Hot 2 X510 | - | All | All | All |
| Operating System | Infinixauthority | Hot 2 X510 Firmware | - | All | All | All |
| Operating System | Infinixauthority | Hot 2 X510 Firmware | - | All | All | All |
| Hardware | Infinixauthority | Hot X507 | - | All | All | All |
| Hardware | Infinixauthority | Hot X507 | - | All | All | All |
| Operating System | Infinixauthority | Hot X507 Firmware | - | All | All | All |
| Operating System | Infinixauthority | Hot X507 Firmware | - | All | All | All |
| Hardware | Infinixauthority | Zero 2 X509 | - | All | All | All |
| Hardware | Infinixauthority | Zero 2 X509 | - | All | All | All |
| Operating System | Infinixauthority | Zero 2 X509 Firmware | - | All | All | All |
| Operating System | Infinixauthority | Zero 2 X509 Firmware | - | All | All | All |
| Hardware | Infinixauthority | Zero X506 | - | All | All | All |
| Hardware | Infinixauthority | Zero X506 | - | All | All | All |
| Operating System | Infinixauthority | Zero X506 Firmware | - | All | All | All |
| Operating System | Infinixauthority | Zero X506 Firmware | - | All | All | All |
| Hardware | Leagoo | Alfa 6 | - | All | All | All |
| Hardware | Leagoo | Alfa 6 | - | All | All | All |
| Operating System | Leagoo | Alfa 6 Firmware | - | All | All | All |
| Operating System | Leagoo | Alfa 6 Firmware | - | All | All | All |
| Hardware | Leagoo | Lead 2s | - | All | All | All |
| Hardware | Leagoo | Lead 2s | - | All | All | All |
| Operating System | Leagoo | Lead 2s Firmware | - | All | All | All |
| Operating System | Leagoo | Lead 2s Firmware | - | All | All | All |
| Hardware | Leagoo | Lead 3i | - | All | All | All |
| Hardware | Leagoo | Lead 3i | - | All | All | All |
| Operating System | Leagoo | Lead 3i Firmware | - | All | All | All |
| Operating System | Leagoo | Lead 3i Firmware | - | All | All | All |
| Hardware | Leagoo | Lead 5 | - | All | All | All |
| Hardware | Leagoo | Lead 5 | - | All | All | All |
| Operating System | Leagoo | Lead 5 Firmware | - | All | All | All |
| Operating System | Leagoo | Lead 5 Firmware | - | All | All | All |
| Hardware | Leagoo | Lead 6 | - | All | All | All |
| Hardware | Leagoo | Lead 6 | - | All | All | All |
| Operating System | Leagoo | Lead 6 Firmware | - | All | All | All |
| Operating System | Leagoo | Lead 6 Firmware | - | All | All | All |
| Hardware | Xolo | Cube 5.0 | - | All | All | All |
| Hardware | Xolo | Cube 5.0 | - | All | All | All |
| Operating System | Xolo | Cube 5.0 Firmware | - | All | All | All |
| Operating System | Xolo | Cube 5.0 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#624539 - Ragentek Android OTA update mechanism vulnerable to MITM attack | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Multiple Android Products CVE-2016-6564 Man in the Middle Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| GhostPush Android Botnet | MISC | www.bitsighttech.com | Exploit, Third Party Advisory |
| Multiple Android Products CVE-2016-6564 Man in the Middle Security Bypass Vulnerability | MITRE | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability.
There are currently no legacy QID mappings associated with this CVE.