Lucene search

MitreCVE-2013-4777

HistorySep 25, 2013 - 10:31 a.m.

CVE-2013-4777

2013-09-2510:31:29

CWE-264

mitre

web.nvd.nist.gov

cve-2013-4777

motorola

defy xt

android

privilege escalation

vulnerability

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

23.6%

JSON

A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object.

Affected configurations

Nvd

Node

googleandroidMatch2.3.7

AND

motoroladefy_xtMatch------

VendorProductVersionCPE
googleandroid2.3.7cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*
motoroladefy_xt-cpe:2.3:h:motorola:defy_xt:-:-:-:*:-:-:-:republic_wireless

Vendor	Product	Version	CPE
google	android	2.3.7	cpe:2.3:o:google:android:2.3.7:::::::*
motorola	defy_xt	-	cpe:2.3:h:motorola:defy_xt:-:-:-:*:-:-:-:republic_wireless

References

plus.google.com/110348415484169880343/posts/5ofgPNrSu3J

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

23.6%

JSON

Related for CVE-2013-4777