[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2013-1813

Date: (C)2013-11-28   (M)2016-04-05
 
CVSS Score: 7.2Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

Reference:
RHSA-2013:1732
http://lists.busybox.net/pipermail/busybox/2013-January/078864.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965
http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784
https://support.t-mobile.com/docs/DOC-21994

CPE    100
cpe:/a:busybox:busybox:1.13.2
cpe:/a:busybox:busybox:1.13.1
cpe:/a:busybox:busybox:1.13.4
cpe:/a:busybox:busybox:1.17.0
...
CWE    1
CWE-264
OVAL    2
oval:org.secpod.oval:def:501146
oval:org.secpod.oval:def:1500302

© 2013 SecPod Technologies