Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.6
CVE Id CVE-2013-6770
Last Modified 03 Apr 2014 01:09:55
Published 31 Mar 2014 10:58:57
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-6770

Summary

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.

Vulnerable Systems

Operating System

  • Google Android 4.4

Application

  • Koushik Dutta Superuser 1.0.2.1


References

BUGTRAQ - 20131113 Superuser "su --daemon" vulnerability on Android >= 4.3


Last Updated: 27 May 2016 11:03:22