CVE-2013-3685 – Sprite Software Android Race Condition
https://notcve.org/view.php?id=CVE-2013-3685
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. Se presenta una Vulnerabilidad de Escalada de Privilegios en Sprite Software Spritebud versiones 1.3.24 y 1.3.28 y Backup versiones 2.5.4105 y 2.5.4108, en los teléfonos inteligentes LG con Android debido a una condición de carrera en el demonio spritebud, lo que podría permitir a un usuario malicioso local obtener privilegios root. A race condition in Sprite Software's backup software on Android devices allows for code execution as root. • http://www.securityfocus.com/bid/60749 https://androidvulnerabilities.org/all https://exchange.xforce.ibmcloud.com/vulnerabilities/85296 https://seclists.org/fulldisclosure/2013/Jun/196 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-3666 – LG Optimus G Command Injection
https://notcve.org/view.php?id=CVE-2013-3666
The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. El componente de menu oculto de LG (LG Hidden Menu) para Android en LG Optimus G E973 permite a atacantes físicamente próximos a ejecutar comandos arbitrarios entrando en el modo de depuración USB, utilizando Android Debug Bridge (adb) para establecer una conexión USB, marcando 3845#*973#, modificando la cadena de comandos WLAN test Wi-Fi Ping Test/User Command tcpdump, y pulsando el botón CANCEL. LG Optimus G E973 suffers from a command injection vulnerability. • http://seclists.org/fulldisclosure/2013/May/166 http://www.youtube.com/watch?v=ZfbDIpTY-t4 https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj • CWE-264: Permissions, Privileges, and Access Controls •