CVE-2013-3685 - OpenCVE

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lg	E971 E973 E975 E975k E975t E976 E977 F100k F100l F100s F120k F120l F120s F160k F160l F160lv F160s F180k F180l F180s F200k F200l F200s F240k F240l F240s F260k F260l F260s L21 Lg870 Ls860 Ls970 P760 P769 P780 P875 P875h P880 P940 Su540 Su870 Us780
Spritesoftware	Spritebackup Spritebud

Configuration 1 [-]

AND

OR	cpe:2.3:a:spritesoftware:spritebackup:2.5.4105:::::::*
	cpe:2.3:a:spritesoftware:spritebackup:2.5.4108:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.24:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.28:::::::*

OR	cpe:2.3:h:lg:e971:-:::::::*
	cpe:2.3:h:lg:e973:-:::::::*
	cpe:2.3:h:lg:e975:-:::::::*
	cpe:2.3:h:lg:e975k:-:::::::*
	cpe:2.3:h:lg:e975t:-:::::::*
	cpe:2.3:h:lg:e976:-:::::::*
	cpe:2.3:h:lg:e977:-:::::::*
	cpe:2.3:h:lg:f100k:-:::::::*
	cpe:2.3:h:lg:f100l:-:::::::*
	cpe:2.3:h:lg:f100s:-:::::::*
	cpe:2.3:h:lg:f120k:-:::::::*
	cpe:2.3:h:lg:f120l:-:::::::*
	cpe:2.3:h:lg:f120s:-:::::::*
	cpe:2.3:h:lg:f160k:-:::::::*
	cpe:2.3:h:lg:f160l:-:::::::*
	cpe:2.3:h:lg:f160lv:-:::::::*
	cpe:2.3:h:lg:f160s:-:::::::*
	cpe:2.3:h:lg:f180k:-:::::::*
	cpe:2.3:h:lg:f180l:-:::::::*
	cpe:2.3:h:lg:f180s:-:::::::*
	cpe:2.3:h:lg:f200k:-:::::::*
	cpe:2.3:h:lg:f200l:-:::::::*
	cpe:2.3:h:lg:f200s:-:::::::*
	cpe:2.3:h:lg:f240k:-:::::::*
	cpe:2.3:h:lg:f240l:-:::::::*
	cpe:2.3:h:lg:f240s:-:::::::*
	cpe:2.3:h:lg:f260k:-:::::::*
	cpe:2.3:h:lg:f260l:-:::::::*
	cpe:2.3:h:lg:f260s:-:::::::*
	cpe:2.3:h:lg:l21_:-:::::::*
	cpe:2.3:h:lg:lg870:-:::::::*
	cpe:2.3:h:lg:ls860:-:::::::*
	cpe:2.3:h:lg:ls970:-:::::::*
	cpe:2.3:h:lg:p760:-:::::::*
	cpe:2.3:h:lg:p769:-:::::::*
	cpe:2.3:h:lg:p780:-:::::::*
	cpe:2.3:h:lg:p875:-:::::::*
	cpe:2.3:h:lg:p875h:-:::::::*
	cpe:2.3:h:lg:p880:-:::::::*
	cpe:2.3:h:lg:p940:-:::::::*
	cpe:2.3:h:lg:su540:-:::::::*
	cpe:2.3:h:lg:su870:-:::::::*
	cpe:2.3:h:lg:us780:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/60749
https://androidvulnerabilities.org/all
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296
https://seclists.org/fulldisclosure/2013/Jun/196

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-12T15:41:42

Updated: 2024-08-06T16:14:56.774Z

Reserved: 2013-05-28T00:00:00

Link: CVE-2013-3685

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-12T16:15:10.863

Modified: 2020-02-19T19:43:48.977

Link: CVE-2013-3685

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object