CVE-2013-6768

Koush Superuser 1.0.2.1 - Unauthenticated Path Traversal via PATH Environment Variable

Title source: llm
STIX 2.1

Description

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.

References (1)

Core 1
Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/529796

Scores

EPSS 0.0109
EPSS Percentile 61.2%

Details

CWE
CWE-22
Status published
Products (1)
koushik_dutta/superuser 1.0.2.1
Published Mar 31, 2014
Tracked Since Feb 18, 2026