{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-27T19:06:14", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"}, {"name": "RHSA-2013:1732", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"}, {"name": "[busybox] 20130722 1.21.0 is released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1813", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.t-mobile.com/docs/DOC-21994", "refsource": "CONFIRM", "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"}, {"name": "RHSA-2013:1732", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"}, {"name": "[busybox] 20130722 1.21.0 is released", "refsource": "MLIST", "url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"}, {"name": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784", "refsource": "CONFIRM", "url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.987Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"}, {"name": "RHSA-2013:1732", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"}, {"name": "[busybox] 20130722 1.21.0 is released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1813", "datePublished": "2013-11-23T11:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:13:32.987Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*", "matchCriteriaId": "919D9673-1FCA-431D-9F30-643AAEFAC1DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "matchCriteriaId": "920C6143-7898-45F6-97C0-6F39127DCA71", "versionEndIncluding": "1.20.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.38:*:*:*:*:*:*:*", "matchCriteriaId": "0B67E997-9F5B-46BB-A6C7-2807E08780D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.39:*:*:*:*:*:*:*", "matchCriteriaId": "ADF8AED2-C49C-4494-A758-152BB15163B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.40:*:*:*:*:*:*:*", "matchCriteriaId": "A78CB26D-6D7F-41B9-B831-836B1AE9685D", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "22F144B4-A3DC-486F-8AEB-56A293CEB4D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "7DEF39BB-37E1-449A-8CB9-6E85E1FABCA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.43:*:*:*:*:*:*:*", "matchCriteriaId": "37848E12-4C7D-4EE2-9347-0B10A26E9B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.45:*:*:*:*:*:*:*", "matchCriteriaId": "FAEE5FB7-08B2-4A15-9D14-1BFF7BA513DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.46:*:*:*:*:*:*:*", "matchCriteriaId": "148DF5E9-748F-44FB-84D3-5FD4D30322B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.47:*:*:*:*:*:*:*", "matchCriteriaId": "41B69641-1130-4905-A5EE-80A193FCF207", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.48:*:*:*:*:*:*:*", "matchCriteriaId": "7464F91E-51A5-4C77-93BD-EA57824EB7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.49:*:*:*:*:*:*:*", "matchCriteriaId": "48429F2F-F41D-45C5-AA58-FDBEC63B3DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.50:*:*:*:*:*:*:*", "matchCriteriaId": "F907C5FE-E1E8-4B55-AA1F-A82517BA3657", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "ACEE08C4-A5EE-42B9-8AB9-EB5BE4FEF2C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.52:*:*:*:*:*:*:*", "matchCriteriaId": "2F745A0B-7B84-4127-BE27-9DC485479474", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.60.0:*:*:*:*:*:*:*", "matchCriteriaId": "85B1DD33-0CAD-4ED6-BB99-29EA39E4D147", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.60.1:*:*:*:*:*:*:*", "matchCriteriaId": "35153AC7-AAF0-43BA-A900-7DDF46FF4F38", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.60.2:*:*:*:*:*:*:*", "matchCriteriaId": "A35C280B-5370-4762-A109-E08DB542BFD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.60.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB07416D-FBA6-4A68-856D-4AF5E2FF142E", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.60.4:*:*:*:*:*:*:*", "matchCriteriaId": "8998A02A-A35B-4124-AB31-43F1A1B9C477", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*", "matchCriteriaId": "41F70FE4-28AA-40D1-A2D2-D7047404E3BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "539C33E8-53AA-4415-BDA2-C4EE889FDB64", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "1E2D0557-0C6A-40B6-BF08-0D24CDCF0FD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1D67C2D-825B-4E66-A43F-9D07BB3CF9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5408DA3E-9CA1-4768-992C-1732A45C4365", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0A9C5E7-5260-4EBD-8A62-B11EE81906F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "55E1C67B-87DD-4883-A4DC-539783B4223E", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "09A4634A-6B09-477B-AC5C-109D1708935D", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C035059E-0B42-4C1F-9C6D-866D69DE4702", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCA06DD4-6993-4F5F-8D01-94CEFB684D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3F4032E-04CF-4EA9-AF05-B6EBE5FFEDDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F95E79C7-1C7D-4A7B-8465-C4D3557C0097", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBA76F53-2D6B-432F-99AD-3D126F463535", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "80FD3330-1F10-4697-ABEA-806E3068678B", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F696DE8-423B-4F93-A2FE-8CCC9EB7E48A", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "49A6A3CC-A56B-4861-9668-8AE05247042C", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E508DF8D-33E4-485A-9348-B4592A9C0207", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9796F6C1-52BB-448A-A807-0A6036B3ECC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "71494758-A192-4A83-85D6-6A368CD58BF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB367825-26AE-4B75-A329-EC9DD0EC8004", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4336604A-11D1-4450-B38F-378263A299B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DAE682D-2F8E-40B2-8894-9FCAA8CD0101", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "04D61499-332E-4AE7-A005-32A0DDE81DF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3923C03C-DD87-4FF8-BC97-A72CC65155FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E9A8BC6-CA69-46B0-9426-34ADB2695BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6704C4C-88E6-466D-9CAE-6FE8545F0977", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F20F2DBA-E5F1-4DE7-95A3-8A044A94E9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC859628-5C13-4513-93C2-538F0A6A2586", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AB0BF42-4C41-44DF-926A-9144C2F385E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "C17EDB63-B733-4761-B535-7F72E8F787A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "F69A0F8C-B003-485F-813A-D4E1A4E88584", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "8509CF5F-D1D1-4EB5-A061-00EEEEED68BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2A7A44C-C438-407C-97FF-435BE95795FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "28738A5C-C205-4FC5-8633-5A7B898A1832", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8B44A0E-800C-4342-BA75-A48F3A56C3CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "2F341E09-BF96-43E6-96CC-7AFD8736938C", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AEB371C-36DF-4421-882B-C769ED8404EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "23D58896-B93B-4D5C-B42A-802B86A8D986", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "96B38C04-7990-4B5A-86DB-9DE35BD73BED", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD8D48C9-CC0F-4ACE-9C59-67E962C2DB6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A1607A0-9B02-4433-B246-CE0FC73C2F64", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED230815-6F03-49D2-8422-5E4764C92776", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "89769E1E-FC6F-464F-9D2D-4A92E8150023", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "A818C102-5BBA-49ED-A2FF-CB60D50B867F", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "4965028A-4818-4F49-A69F-E4936B802933", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "789A3850-A613-41D5-A4B1-5B21F0DAD865", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1D06891-0077-43A7-84FE-26BEB4615820", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AAEBB6E8-4B1C-4F90-A429-4A08B5958706", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7DCE0B0-FC75-4C79-9B69-7E45F6DF1B2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "46F680B7-A7C9-491C-B084-809FA91A4306", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4B04CD2-EE97-4480-A3BD-A9405CC72408", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "3301EA75-92C1-4A07-8D4F-C03327F0DCA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A528C12-8E6C-47E3-B1B3-8DDA5C934C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "A56FDCCB-87A7-4354-83EA-3BEAFF0FF019", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC00E801-D3E0-4D9E-B004-F2192D1D552A", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "66D0CE4D-E98B-4080-8372-7F1632A1E8F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAD322BE-7397-4154-B2BD-7E94275C1CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "7288E37E-9B8C-403E-A534-6191A0C6B4D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "2DB0017A-2FDB-424D-B693-3609141321A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6DA7560-D138-4D9C-9D1B-1DF0F79181AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "904B27F8-A167-4986-9AD3-665AF0D9B364", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "E92B4186-3A3B-46E6-ADCA-B5EDCB122A88", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "852E6303-7BC5-4559-A653-727E5F8D21F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "75C8ED43-A5E6-4413-9723-C69D9F46EF73", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "82866980-4335-4A5A-B4ED-750C848861C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "5566B9F7-9C87-46F2-948C-7D2599035F82", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC2AEC0B-A24B-4B4F-ABDD-60FC57257634", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "E850B3B9-8D40-4C6C-9872-16C5235655B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "07CECA25-E276-46F6-A811-6B428B4DB4A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "55DDF725-B099-4187-ADB5-10CA4E6105ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "834E01F2-96CD-4F2D-9854-A68B31E1E3DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6576665-E960-4338-ACF0-747F71443887", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*", "matchCriteriaId": "9BFC1DCB-BC86-4C65-88B6-DC6F29C1BF12", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "01DA4F8E-77CE-4552-A200-F7AE11CB99A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABC7D599-2AA2-465D-8943-D43FB274562C", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA46F251-9F17-498F-B093-70ADF7F989F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "342D474D-D3E9-43A1-9822-AFF4BD39741D", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F79AF30-821F-488B-971D-3A2C931C7D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:busybox:busybox:1.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "B94A193D-55F6-410B-A744-D7561D76D6E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."}, {"lang": "es", "value": "util-linux/mdev.c en BusyBox anterior a la versi\u00f3n 1.21.0 utiliza permisos 0777 en directorios padre al crear directorios anidados bajo /dev/, lo que permite a usuarios locales tener un impacto y vectores de ataques desconocidos."}], "id": "CVE-2013-1813", "lastModified": "2024-11-21T01:50:26.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-23T11:55:04.337", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"}, {"source": "secalert@redhat.com", "url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"source": "secalert@redhat.com", "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.t-mobile.com/docs/DOC-21994"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1732", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "busybox-1:1.15.1-20.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}], "bugzilla": {"description": "busybox: insecure directory permissions in /dev", "id": "919608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919608"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."], "name": "CVE-2013-1813", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "busybox", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-03-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1813\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1813"], "threat_severity": "Low", "upstream_fix": "busybox 1.21.0"}