2 matches found
CVE-2013-6775
The CVE-2013-6775 entry describes a privilege escalation in Chainfire SuperSU for Android, affected before version 1.69. The root cause is that the -c argument to /system/xbin/su can be parsed through shell metacharacters (backtick or $( )), allowing an attacker-controlled command to be executed ...
Android 4.2.x Superuser Shell Character Escape
Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root, either without prompting the user or after the user has denied the request: - CyanogenMod/ClockWorkMod/Koush Superuser current releases, including v1.0.2.1 ...