CVE-2013-6770

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.

Published: Mar 31, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6770
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
koushik_dutta / superuser	1.0.2.1	1.0.2.1.x
google / android	4.4	4.4.x

http://www.securityfocus.com/archive/1/529795

Vulnerability Database

289,599

CVE-2013-6770