Permissions, Privileges, and Access Controls in BusyBox - CVE-2013-1813

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU46356

Permissions, Privileges, and Access Controls in BusyBox - CVE-2013-1813

Published: November 23, 2013 / Updated: September 8, 2020


Vulnerability identifier: #VU46356
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2013-1813
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: busybox.net
Affected software:
BusyBox

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.


How to mitigate CVE-2013-1813

Install update from vendor's website.

Sources