CVE-2013-6124 - CERT CVE

  1. CVE-2013-6124

ID CVE-2013-6124
Sažetak The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.
Reference
CVSS
Base: 3.3
Impact: 4.9
Exploitability:3.4
Pristup
VektorSloženostAutentikacija
LOCAL MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL PARTIAL
CVSS vektor AV:L/AC:M/Au:N/C:N/I:P/A:P
Zadnje važnije ažuriranje 02-09-2014 - 18:51
Objavljeno 31-08-2014 - 10:55