Vulnerability CVE-2013-6124


Published: 2014-08-31

Description:
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
4.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Codeaurora -> Android-msm 

 References:
https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124

Copyright 2021, cxsecurity.com

 

Back to Top