CVE-2013-6124 - Improper Link Resolution Before File Access ('Link Following')

Severity

32%

Complexity

34%

Confidentiality

81%

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P).

Overview

Type

codeaurora android-msm

First reported 10 years ago

2014-08-31 10:55:00

Last updated 10 years ago

2014-09-02 18:51:00

Affected Software

codeaurora android-msm 3.2.54

3.2.54

codeaurora android-msm 3.2.55

3.2.55

codeaurora android-msm 3.2.56

3.2.56

codeaurora android-msm 3.2.57

3.2.57

codeaurora android-msm 3.2.58

3.2.58

codeaurora android-msm 3.2.59

3.2.59

codeaurora android-msm 3.2.60

3.2.60

codeaurora android-msm 3.2.61

3.2.61

codeaurora android-msm 3.2.62

3.2.62

codeaurora android-msm 3.4.72

3.4.72

codeaurora android-msm 3.4.73

3.4.73

codeaurora android-msm 3.4.74

3.4.74

codeaurora android-msm 3.4.75

3.4.75

codeaurora android-msm 3.4.76

3.4.76

codeaurora android-msm 3.4.77

3.4.77

codeaurora android-msm 3.4.78

3.4.78

codeaurora android-msm 3.4.79

3.4.79

codeaurora android-msm 3.4.80

3.4.80

codeaurora android-msm 3.4.81

3.4.81

codeaurora android-msm 3.4.82

3.4.82

codeaurora android-msm 3.4.83

3.4.83

codeaurora android-msm 3.4.84

3.4.84

codeaurora android-msm 3.4.85

3.4.85

codeaurora android-msm 3.4.86

3.4.86

codeaurora android-msm 3.4.87

3.4.87

codeaurora android-msm 3.4.88

3.4.88

codeaurora android-msm 3.4.89

3.4.89

codeaurora android-msm 3.4.90

3.4.90

codeaurora android-msm 3.4.91

3.4.91

codeaurora android-msm 3.4.92

3.4.92

codeaurora android-msm 3.4.93

3.4.93

codeaurora android-msm 3.4.94

3.4.94

codeaurora android-msm 3.4.95

3.4.95

codeaurora android-msm 3.4.96

3.4.96

codeaurora android-msm 3.4.97

3.4.97

codeaurora android-msm 3.4.98

3.4.98

codeaurora android-msm 3.4.99

3.4.99

codeaurora android-msm 3.4.100

3.4.100

codeaurora android-msm 3.4.101

3.4.101

codeaurora android-msm 3.4.102

3.4.102

codeaurora android-msm 3.4.103

3.4.103

codeaurora android-msm 3.10

3.10

codeaurora android-msm 3.10.22

3.10.22

codeaurora android-msm 3.10.23

3.10.23

codeaurora android-msm 3.10.24

3.10.24

codeaurora android-msm 3.10.25

3.10.25

codeaurora android-msm 3.10.26

3.10.26

codeaurora android-msm 3.10.27

3.10.27

codeaurora android-msm 3.10.28

3.10.28

codeaurora android-msm 3.10.29

3.10.29

codeaurora android-msm 3.10.30

3.10.30

codeaurora android-msm 3.10.31

3.10.31

codeaurora android-msm 3.10.32

3.10.32

codeaurora android-msm 3.10.33

3.10.33

codeaurora android-msm 3.10.35

3.10.35

codeaurora android-msm 3.10.36

3.10.36

codeaurora android-msm 3.10.37

3.10.37

codeaurora android-msm 3.10.38

3.10.38

codeaurora android-msm 3.10.39

3.10.39

codeaurora android-msm 3.10.40

3.10.40

codeaurora android-msm 3.10.41

3.10.41

codeaurora android-msm 3.10.42

3.10.42

codeaurora android-msm 3.10.43

3.10.43

codeaurora android-msm 3.10.44

3.10.44

codeaurora android-msm 3.10.45

3.10.45

codeaurora android-msm 3.10.46

3.10.46

codeaurora android-msm 3.10.47

3.10.47

codeaurora android-msm 3.10.48

3.10.48

codeaurora android-msm 3.10.49

3.10.49

codeaurora android-msm 3.10.50

3.10.50

codeaurora android-msm 3.10.51

3.10.51

codeaurora android-msm 3.10.52

3.10.52

codeaurora android-msm 3.10.53

3.10.53

codeaurora android-msm 3.12.3

3.12.3

codeaurora android-msm 3.12.4

3.12.4

codeaurora android-msm 3.12.5

3.12.5

codeaurora android-msm 3.12.6

3.12.6

codeaurora android-msm 3.12.7

3.12.7

codeaurora android-msm 3.12.8

3.12.8

codeaurora android-msm 3.12.9

3.12.9

codeaurora android-msm 3.12.10

3.12.10

codeaurora android-msm 3.12.11

3.12.11

codeaurora android-msm 3.12.12

3.12.12

codeaurora android-msm 3.12.13

3.12.13

codeaurora android-msm 3.12.14

3.12.14

codeaurora android-msm 3.12.15

3.12.15

codeaurora android-msm 3.15 release candidate 7

3.12.16

codeaurora android-msm 3.12.17

3.12.17

codeaurora android-msm 3.12.18

3.12.18

codeaurora android-msm 3.12.19

3.12.19

codeaurora android-msm 3.12.20

3.12.20

codeaurora android-msm 3.12.21

3.12.21

codeaurora android-msm 3.12.22

3.12.22

codeaurora android-msm 3.12.23

3.12.23

codeaurora android-msm 3.12.24

3.12.24

codeaurora android-msm 3.12.25

3.12.25

codeaurora android-msm 3.12.26

3.12.26

codeaurora android-msm 3.13

3.13

codeaurora android-msm 3.13 release candidate 1

3.13

codeaurora android-msm 3.13 release candidate 2

3.13

codeaurora android-msm 3.13 release candidate 3

3.13

codeaurora android-msm 3.13 release candidate 4

3.13

codeaurora android-msm 3.13 release candidate 5

3.13

codeaurora android-msm 3.13 release candidate 6

3.13

codeaurora android-msm 3.13 release candidate 7

3.13

codeaurora android-msm 3.13 release candidate 8

3.13

codeaurora android-msm 3.13.1

3.13.1

codeaurora android-msm 3.13.2

3.13.2

codeaurora android-msm 3.13.3

3.13.3

codeaurora android-msm 3.13.4

3.13.4

codeaurora android-msm 3.13.5

3.13.5

codeaurora android-msm 3.13.6

3.13.6

codeaurora android-msm 3.13.7

3.13.7

codeaurora android-msm 3.13.8

3.13.8

codeaurora android-msm 3.13.9

3.13.9

codeaurora android-msm 3.13.10

3.13.10

codeaurora android-msm 3.13.11

3.13.11

codeaurora android-msm 3.14

3.14

codeaurora android-msm 3.14 release candidate 1

3.14

codeaurora android-msm 3.14 release candidate 2

3.14

codeaurora android-msm 3.14 release candidate 3

3.14

codeaurora android-msm 3.14 release candidate 4

3.14

codeaurora android-msm 3.14 release candidate 5

3.14

codeaurora android-msm 3.14 release candidate 6

3.14

codeaurora android-msm 3.14 release candidate 7

3.14

codeaurora android-msm 3.14 release candidate 8

3.14

codeaurora android-msm 3.14.1

3.14.1

codeaurora android-msm 3.14.2

3.14.2

codeaurora android-msm 3.14.3

3.14.3

codeaurora android-msm 3.14.4

3.14.4

codeaurora android-msm 3.14.5

3.14.5

codeaurora android-msm 3.14.6

3.14.6

codeaurora android-msm 3.14.7

3.14.7

codeaurora android-msm 3.14.8

3.14.8

codeaurora android-msm 3.14.9

3.14.9

codeaurora android-msm 3.14.10

3.14.10

codeaurora android-msm 3.14.11

3.14.11

codeaurora android-msm 3.14.12

3.14.12

codeaurora android-msm 3.14.13

3.14.13

codeaurora android-msm 3.14.14

3.14.14

codeaurora android-msm 3.14.15

3.14.15

codeaurora android-msm 3.14.16

3.14.16

codeaurora android-msm 3.15

3.15

codeaurora android-msm 3.15 release candidate 1

3.15

codeaurora android-msm 3.15 release candidate 2

3.15

codeaurora android-msm 3.15 release candidate 3

3.15

codeaurora android-msm 3.15 release candidate 4

3.15

codeaurora android-msm 3.15 release candidate 5

3.15

codeaurora android-msm 3.15 release candidate 6

3.15

codeaurora android-msm 3.15 release candidate 7

3.15

codeaurora android-msm 3.15 release candidate 8

3.15

codeaurora android-msm 3.15.1

3.15.1

codeaurora android-msm 3.15.2

3.15.2

codeaurora android-msm 3.15.3

3.15.3

codeaurora android-msm 3.15.4

3.15.4

codeaurora android-msm 3.15.5

3.15.5

codeaurora android-msm 3.15.6

3.15.6

codeaurora android-msm 3.15.7

3.15.7

codeaurora android-msm 3.15.8

3.15.8

codeaurora android-msm 3.15.9

3.15.9

codeaurora android-msm 3.15.10

3.15.10

codeaurora android-msm 3.16

3.16

codeaurora android-msm 3.16 release candidate 1

3.16

codeaurora android-msm 3.16 release candidate 2

3.16

codeaurora android-msm 3.16 release candidate 3

3.16

codeaurora android-msm 3.16 release candidate 4

3.16

codeaurora android-msm 3.16 release candidate 5

3.16

codeaurora android-msm 3.16 release candidate 6

3.16

codeaurora android-msm 3.16 release candidate 7

3.16

codeaurora android-msm 3.16.1

3.16.1

codeaurora android-msm 3.17 release candidate 1

3.17

References

https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.