CVE-2013-6770 – Android 4.3 Superuser Root Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-6770
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. El paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.3 y 4.4 no restringe debidamente el conjunto de usuarios que pueden ejecutar /system/xbin/su con la opción --daemon, lo que permite a atacantes ganar privilegios mediante el aprovechamiento de acceso shell ADB y cierto identificador de usuario de Linux, y después crear un script de caballo de troya. The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root. • http://www.securityfocus.com/archive/1/529795 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6769 – Android 4.2.x Superuser Shell Character Escape
https://notcve.org/view.php?id=CVE-2013-6769
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. El paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android permite a atacantes ganar privilegios a través de metacaracteres shell en la opción -c hacia /system/xbin/su. Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root. These issues are due to a shell character escape vulnerability. • http://www.securityfocus.com/archive/1/529797 • CWE-20: Improper Input Validation •
CVE-2013-6774 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6774
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. Vulnerabilidad de búsqueda de ruta no confiable en el paquete ChainsDD Superuser 3.1.3 para Android 4.2.x y anteriores, el paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.2.x y anteriores y el paquete Chainfire SuperSU anterior a 1.69 para Android 4.2.x y anteriores permite a atacantes cargar un archivo .jar arbitrario y ganar privilegios a través de una variable de entorno BOOTCLASSPATH manipulada para un proceso /system/xbin/su. NOTA: otro investigador fue incapaz de reproducir esto con ChainsDD Superuser. Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. • http://www.securityfocus.com/archive/1/529796 http://www.securityfocus.com/archive/1/529822 •
CVE-2013-6768 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6768
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. Vulnerabilidad de búsqueda de ruta no confiable en el paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.2.x y anteriores permite a atacantes provocar el lanzamiento de un programa app_process caballo de troya a través de una variable de entorno PATH manipulada para un proceso /system/xbin/su. Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisoriy documents PATH and BOOTCLASSPATH vulnerabilities. • http://www.securityfocus.com/archive/1/529796 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •