CVE-2013-3685

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.

CVSS v3.0 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://seclists.org/fulldisclosure/2013/Jun/196	Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/bid/60749	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296	Third Party Advisory VDB Entry
https://androidvulnerabilities.org/all	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:spritesoftware:spritebackup:2.5.4105:::::::*
	cpe:2.3:a:spritesoftware:spritebackup:2.5.4108:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.24:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.28:::::::*

OR	cpe:2.3:h:lg:e971:-:::::::*
	cpe:2.3:h:lg:e973:-:::::::*
	cpe:2.3:h:lg:e975:-:::::::*
	cpe:2.3:h:lg:e975k:-:::::::*
	cpe:2.3:h:lg:e975t:-:::::::*
	cpe:2.3:h:lg:e976:-:::::::*
	cpe:2.3:h:lg:e977:-:::::::*
	cpe:2.3:h:lg:f100k:-:::::::*
	cpe:2.3:h:lg:f100l:-:::::::*
	cpe:2.3:h:lg:f100s:-:::::::*
	cpe:2.3:h:lg:f120k:-:::::::*
	cpe:2.3:h:lg:f120l:-:::::::*
	cpe:2.3:h:lg:f120s:-:::::::*
	cpe:2.3:h:lg:f160k:-:::::::*
	cpe:2.3:h:lg:f160l:-:::::::*
	cpe:2.3:h:lg:f160lv:-:::::::*
	cpe:2.3:h:lg:f160s:-:::::::*
	cpe:2.3:h:lg:f180k:-:::::::*
	cpe:2.3:h:lg:f180l:-:::::::*
	cpe:2.3:h:lg:f180s:-:::::::*
	cpe:2.3:h:lg:f200k:-:::::::*
	cpe:2.3:h:lg:f200l:-:::::::*
	cpe:2.3:h:lg:f200s:-:::::::*
	cpe:2.3:h:lg:f240k:-:::::::*
	cpe:2.3:h:lg:f240l:-:::::::*
	cpe:2.3:h:lg:f240s:-:::::::*
	cpe:2.3:h:lg:f260k:-:::::::*
	cpe:2.3:h:lg:f260l:-:::::::*
	cpe:2.3:h:lg:f260s:-:::::::*
	cpe:2.3:h:lg:l21_:-:::::::*
	cpe:2.3:h:lg:lg870:-:::::::*
	cpe:2.3:h:lg:ls860:-:::::::*
	cpe:2.3:h:lg:ls970:-:::::::*
	cpe:2.3:h:lg:p760:-:::::::*
	cpe:2.3:h:lg:p769:-:::::::*
	cpe:2.3:h:lg:p780:-:::::::*
	cpe:2.3:h:lg:p875:-:::::::*
	cpe:2.3:h:lg:p875h:-:::::::*
	cpe:2.3:h:lg:p880:-:::::::*
	cpe:2.3:h:lg:p940:-:::::::*
	cpe:2.3:h:lg:su540:-:::::::*
	cpe:2.3:h:lg:su870:-:::::::*
	cpe:2.3:h:lg:us780:-:::::::*

Information

Published : 2020-02-12 08:15

Updated : 2020-02-19 11:43

NVD link : CVE-2013-3685

Mitre link : CVE-2013-3685

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Products Affected

f180l
f200k
f260l
f200s
p875
f240s
f120s
f240l
p880
f240k
f120k
p760
ls970
us780
f160k
f160l
ls860
f100s
f180s
e975k
p940
p875h
e976
e973
e975t
e971
f100l
f160lv
l21_
p780
p769
f120l
f100k
e975
su540
lg870
f260k
f260s
su870
f180k
e977
f200l
f160s

spritesoftware

spritebud
spritebackup

7.0 /10