Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2013-6770

Published: 31/03/2014 Updated: 03/04/2014
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Koushik Dutta

Vulnerability Summary

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows malicious users to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.

Vulnerable Product Search on Vulmon Subscribe to Product

koushik_dutta superuser 1.0.2.1

google android 4.4

Exploits

Exploit DB: Android 4.3 Superuser Root Privilege Escalation
The Superuser package for Android 43 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root ...

References

CWE-264http://www.securityfocus.com/archive/1/529795https://nvd.nist.govhttps://packetstormsecurity.com/files/124020/Android-4.3-Superuser-Root-Privilege-Escalation.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook