CVE-2013-3685

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.

CVSS v3 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/60749	Third Party Advisory VDB Entry
https://androidvulnerabilities.org/all	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296	Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2013/Jun/196	Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/bid/60749	Third Party Advisory VDB Entry
https://androidvulnerabilities.org/all	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296	Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2013/Jun/196	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:spritesoftware:spritebackup:2.5.4105:::::::*
	cpe:2.3:a:spritesoftware:spritebackup:2.5.4108:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.24:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.28:::::::*

OR	cpe:2.3:h:lg:e971:-:::::::*
	cpe:2.3:h:lg:e973:-:::::::*
	cpe:2.3:h:lg:e975:-:::::::*
	cpe:2.3:h:lg:e975k:-:::::::*
	cpe:2.3:h:lg:e975t:-:::::::*
	cpe:2.3:h:lg:e976:-:::::::*
	cpe:2.3:h:lg:e977:-:::::::*
	cpe:2.3:h:lg:f100k:-:::::::*
	cpe:2.3:h:lg:f100l:-:::::::*
	cpe:2.3:h:lg:f100s:-:::::::*
	cpe:2.3:h:lg:f120k:-:::::::*
	cpe:2.3:h:lg:f120l:-:::::::*
	cpe:2.3:h:lg:f120s:-:::::::*
	cpe:2.3:h:lg:f160k:-:::::::*
	cpe:2.3:h:lg:f160l:-:::::::*
	cpe:2.3:h:lg:f160lv:-:::::::*
	cpe:2.3:h:lg:f160s:-:::::::*
	cpe:2.3:h:lg:f180k:-:::::::*
	cpe:2.3:h:lg:f180l:-:::::::*
	cpe:2.3:h:lg:f180s:-:::::::*
	cpe:2.3:h:lg:f200k:-:::::::*
	cpe:2.3:h:lg:f200l:-:::::::*
	cpe:2.3:h:lg:f200s:-:::::::*
	cpe:2.3:h:lg:f240k:-:::::::*
	cpe:2.3:h:lg:f240l:-:::::::*
	cpe:2.3:h:lg:f240s:-:::::::*
	cpe:2.3:h:lg:f260k:-:::::::*
	cpe:2.3:h:lg:f260l:-:::::::*
	cpe:2.3:h:lg:f260s:-:::::::*
	cpe:2.3:h:lg:l21_:-:::::::*
	cpe:2.3:h:lg:lg870:-:::::::*
	cpe:2.3:h:lg:ls860:-:::::::*
	cpe:2.3:h:lg:ls970:-:::::::*
	cpe:2.3:h:lg:p760:-:::::::*
	cpe:2.3:h:lg:p769:-:::::::*
	cpe:2.3:h:lg:p780:-:::::::*
	cpe:2.3:h:lg:p875:-:::::::*
	cpe:2.3:h:lg:p875h:-:::::::*
	cpe:2.3:h:lg:p880:-:::::::*
	cpe:2.3:h:lg:p940:-:::::::*
	cpe:2.3:h:lg:su540:-:::::::*
	cpe:2.3:h:lg:su870:-:::::::*
	cpe:2.3:h:lg:us780:-:::::::*

History

21 Nov 2024, 01:54

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/60749 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/60749 - Third Party Advisory, VDB Entry
References	~~() https://androidvulnerabilities.org/all - Third Party Advisory~~	() https://androidvulnerabilities.org/all - Third Party Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/85296 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/85296 - Third Party Advisory, VDB Entry
References	~~() https://seclists.org/fulldisclosure/2013/Jun/196 - Exploit, Mailing List, Third Party Advisory~~	() https://seclists.org/fulldisclosure/2013/Jun/196 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2020-02-12 16:15

Updated : 2024-11-21 01:54

NVD link : CVE-2013-3685

Mitre link : CVE-2013-3685

CVE.ORG link : CVE-2013-3685

JSON object : View

Products Affected

e977
ls970
f120k
l21_
p880
f180k
f260k
f240k
f100s
ls860
p760
su540
e973
f180l
f160l
p875
p875h
f160s
us780
f160k
f260l
f200l
f200s
f240s
f260s
f100k
f160lv
p780
lg870
e976
su870
e971
e975t
f120s
f120l
f180s
p940
e975
e975k
f100l
p769
f240l
f200k

spritesoftware

spritebackup
spritebud

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

7.0 /10