CVE-2013-6124

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124	Vendor Advisory
https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:codeaurora:android-msm:3.2.54:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.55:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.56:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.57:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.58:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.59:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.60:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.61:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.62:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.72:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.73:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.74:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.75:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.76:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.77:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.78:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.79:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.80:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.81:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.82:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.83:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.84:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.85:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.86:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.87:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.88:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.89:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.90:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.91:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.92:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.93:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.94:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.95:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.96:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.97:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.98:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.99:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.100:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.101:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.102:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.103:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.22:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.23:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.24:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.25:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.26:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.27:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.28:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.29:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.30:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.31:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.32:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.33:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.35:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.36:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.37:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.38:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.39:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.40:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.41:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.42:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.43:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.44:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.45:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.46:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.47:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.48:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.49:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.50:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.51:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.52:::::::*
cpe:2.3:o:codeaurora:android-msm:3.10.53:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.3:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.4:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.5:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.6:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.7:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.8:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.9:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.10:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.11:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.12:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.13:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.14:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.15:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.16:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.17:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.18:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.19:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.20:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.21:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.22:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.23:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.24:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.25:::::::*
cpe:2.3:o:codeaurora:android-msm:3.12.26:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13:rc1::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc2::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc3::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc4::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc5::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc6::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc7::::::
cpe:2.3:o:codeaurora:android-msm:3.13:rc8::::::
cpe:2.3:o:codeaurora:android-msm:3.13.1:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.2:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.3:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.4:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.5:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.6:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.7:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.8:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.9:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.10:::::::*
cpe:2.3:o:codeaurora:android-msm:3.13.11:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14:rc1::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc2::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc3::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc4::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc5::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc6::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc7::::::
cpe:2.3:o:codeaurora:android-msm:3.14:rc8::::::
cpe:2.3:o:codeaurora:android-msm:3.14.1:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.2:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.3:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.4:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.5:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.6:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.7:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.8:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.9:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.10:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.11:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.12:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.13:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.14:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.15:::::::*
cpe:2.3:o:codeaurora:android-msm:3.14.16:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15:rc1::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc2::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc3::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc4::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc5::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc6::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc7::::::
cpe:2.3:o:codeaurora:android-msm:3.15:rc8::::::
cpe:2.3:o:codeaurora:android-msm:3.15.1:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.2:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.3:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.4:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.5:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.6:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.7:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.8:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.9:::::::*
cpe:2.3:o:codeaurora:android-msm:3.15.10:::::::*
cpe:2.3:o:codeaurora:android-msm:3.16:::::::*
cpe:2.3:o:codeaurora:android-msm:3.16:rc1::::::
cpe:2.3:o:codeaurora:android-msm:3.16:rc2::::::
cpe:2.3:o:codeaurora:android-msm:3.16:rc3::::::
cpe:2.3:o:codeaurora:android-msm:3.16:rc4::::::
cpe:2.3:o:codeaurora:android-msm:3.16:rc5::::::
cpe:2.3:o:codeaurora:android-msm:3.16:rc6::::::
cpe:2.3:o:codeaurora:android-msm:3.16:rc7::::::
cpe:2.3:o:codeaurora:android-msm:3.16.1:::::::*
cpe:2.3:o:codeaurora:android-msm:3.17:rc1::::::

History

21 Nov 2024, 01:58

Type	Values Removed	Values Added
References	~~() https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124 - Vendor Advisory~~	() https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124 - Vendor Advisory

Information

Published : 2014-08-31 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2013-6124

Mitre link : CVE-2013-6124

CVE.ORG link : CVE-2013-6124

JSON object : View

Products Affected

codeaurora

android-msm

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

3.3 /10