CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 2CVE-2013-6768 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6768
14 Nov 2013 — Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. Vulnerabilidad de búsqueda de ruta no confiable en el paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.2.x y anteriores permite a atacantes provocar el lanzamiento de un programa app_process caballo de troya a t... • https://packetstorm.news/files/id/124015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2013-6769 – Android 4.2.x Superuser Shell Character Escape
https://notcve.org/view.php?id=CVE-2013-6769
14 Nov 2013 — The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. El paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android permite a atacantes ganar privilegios a través de metacaracteres shell en la opción -c hacia /system/xbin/su. Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root. These issues are ... • https://packetstorm.news/files/id/124016 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2013-6770 – Android 4.3 Superuser Root Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-6770
14 Nov 2013 — The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. El paquete CyanogenMod/ClockWorkMod/Koush Superuser 1.0.2.1 para Android 4.3 y 4.4 no restringe debidamente el conjunto de usuarios que pueden ejecutar /system/xbin/su con la opción --da... • https://packetstorm.news/files/id/124020 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 117EXPL: 2CVE-2013-6774 – Android 4.2.x Superuser Unsanitized Environment
https://notcve.org/view.php?id=CVE-2013-6774
14 Nov 2013 — Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. Vulnerabilidad de ... • https://packetstorm.news/files/id/124015 •