CVE-2013-6774

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an...

CVE-2013-6768

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse appprocess program via a crafted PATH environment variable for a /system/xbin/su process...

CVE-2013-6769

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su...

Design/Logic Flaw

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su...

Design/Logic Flaw

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an...

Design/Logic Flaw

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse appprocess program via a crafted PATH environment variable for a /system/xbin/su process...

CVE-2013-6768

The CVE-2013-6768 entry describes an untrusted search path vulnerability in CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier. A crafted PATH for /system/xbin/su can trigger the Dalvik VM to launch a Trojan horse app_process, enabling privilege-related risk. C...

CVE-2013-6769

The CVE-2013-6769 entry concerns CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android. It describes a privilege-escalation vulnerability where attackers can gain root privileges by injecting shell metacharacters into the -c argument of /system/xbin/su. The root cause is improper h...

CVE-2013-6770

CVE-2013-6770 affects CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 on Android 4.3/4.4. The flaw lets any user with ADB shell access and a suitable Linux UID exploit /system/xbin/su --daemon to gain root privileges and create a Trojan script, due to inadequate restriction of who can ru...

CVE-2013-6768

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse appprocess program via a crafted PATH environment variable for a /system/xbin/su process...

Android Superuser shell character escape vulnerability

Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root, either without prompting the user or after the user has denied the request: - CyanogenMod/ClockWorkMod/Koush Superuser current releases, including v1.0.2.1 ...

Android 4.2.x Superuser Unsanitized Environment

Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner: - ChainsDD Superuser current releases, including v3.1.3 - CyanogenMod/ClockWorkMod/Koush Superuser current releases,...

Android 4.3 Superuser Root Privilege Escalation

Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain, non-default device configurations. Android 4.3 introduced the concept of "restricted profiles," created through the Settings - Users menu. A...