CVE-2013-6774
CVE-2013-6774 is a vulnerability of currently unknown severity. Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. EPSS estimates a 1.59% chance of exploitation in the next 30 days.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chainfire | SuperSU | 1.69 |
| Androidsu | ChainsDD Superuser | 3.1.3 |
| Koushik Dutta | Superuser | 1.0.2.1 |
Source: NVD / NIST
