CVE-2013-6768

CVSS V2 Medium 5 CVSS V3 None
Description
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.
Overview
  • CVE ID
  • CVE-2013-6768
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2014-03-31T14:58:57
  • Last Modified Date
  • 2014-03-31T18:59:53
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:koushik_dutta:superuser:1.0.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.securityfocus.com/archive/1/529796 Exploit
History
Created Old Value New Value Data Type Notes
2022-05-10 10:35:52 Added to TrackCVE
2022-12-01 22:29:44 2014-03-31T14:58Z 2014-03-31T14:58:57 CVE Published Date updated
2022-12-01 22:29:44 2014-03-31T18:59:53 CVE Modified Date updated
2022-12-01 22:29:44 Analyzed Vulnerability Status updated