CVE-2013-6768
Koush Superuser 1.0.2.1 - Unauthenticated Path Traversal via PATH Environment Variable
Title source: llmDescription
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.
References (1)
Core 1
Core References
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/529796
Scores
EPSS
0.0109
EPSS Percentile
61.2%
Details
CWE
CWE-22
Status
published
Products (1)
koushik_dutta/superuser
1.0.2.1
Published
Mar 31, 2014
Tracked Since
Feb 18, 2026