CVE-2013-6770

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:koushik_dutta:superuser:1.0.2.1:*:*:*:*:*:*:*
OR cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*

Information

Published : 2014-03-31 07:58

Updated : 2014-04-03 10:09


NVD link : CVE-2013-6770

Mitre link : CVE-2013-6770


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

google

  • android

koushik_dutta

  • superuser