1. Home
  2. CVE Database
  3. CVE-2013-6768
MEDIUM · 5.0

CVE-2013-6768

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process p...

Vulnerability Description

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
Koushik DuttaSuperuser1.0.2.1
GoogleAndroid1.0

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2013-6768?

CVE-2013-6768 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process p...

How severe is CVE-2013-6768?

CVE-2013-6768 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-6768?

Check the references section above for vendor advisories and patch information. Affected products include: Koushik Dutta Superuser, Google Android.