Vulnerability CVE-2013-6774


Published: 2014-03-31

Description:
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Android 4.2.x Superuser Unsanitized Environment
Kevin Cernekee
15.11.2013

Vendor: Androidsu
Product: Chainsdd superuser 
Version: 3.1.3;
Vendor: Chainfire
Product: Supersu 
Version: 1.69;
Vendor: Koushik dutta
Product: Superuser 
Version: 1.0.2.1;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/archive/1/529822
http://www.securityfocus.com/archive/1/529796

Related CVE
CVE-2013-6770
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB she...
CVE-2013-6769
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
CVE-2013-6768
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for...

Copyright 2019, cxsecurity.com

 

Back to Top