The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-30T10:00:00

Updated: 2024-08-06T17:46:23.588Z

Reserved: 2013-11-10T00:00:00

Link: CVE-2013-6770

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-03-31T14:58:57.790

Modified: 2024-11-21T01:59:40.820

Link: CVE-2013-6770

cve-icon Redhat

No data.