CVE-2013-3685

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.

CVSS v3 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/60749	Third Party Advisory VDB Entry
https://androidvulnerabilities.org/all	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296	Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2013/Jun/196	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:spritesoftware:spritebackup:2.5.4105:::::::*
	cpe:2.3:a:spritesoftware:spritebackup:2.5.4108:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.24:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.28:::::::*

OR	cpe:2.3:h:lg:e971:-:::::::*
	cpe:2.3:h:lg:e973:-:::::::*
	cpe:2.3:h:lg:e975:-:::::::*
	cpe:2.3:h:lg:e975k:-:::::::*
	cpe:2.3:h:lg:e975t:-:::::::*
	cpe:2.3:h:lg:e976:-:::::::*
	cpe:2.3:h:lg:e977:-:::::::*
	cpe:2.3:h:lg:f100k:-:::::::*
	cpe:2.3:h:lg:f100l:-:::::::*
	cpe:2.3:h:lg:f100s:-:::::::*
	cpe:2.3:h:lg:f120k:-:::::::*
	cpe:2.3:h:lg:f120l:-:::::::*
	cpe:2.3:h:lg:f120s:-:::::::*
	cpe:2.3:h:lg:f160k:-:::::::*
	cpe:2.3:h:lg:f160l:-:::::::*
	cpe:2.3:h:lg:f160lv:-:::::::*
	cpe:2.3:h:lg:f160s:-:::::::*
	cpe:2.3:h:lg:f180k:-:::::::*
	cpe:2.3:h:lg:f180l:-:::::::*
	cpe:2.3:h:lg:f180s:-:::::::*
	cpe:2.3:h:lg:f200k:-:::::::*
	cpe:2.3:h:lg:f200l:-:::::::*
	cpe:2.3:h:lg:f200s:-:::::::*
	cpe:2.3:h:lg:f240k:-:::::::*
	cpe:2.3:h:lg:f240l:-:::::::*
	cpe:2.3:h:lg:f240s:-:::::::*
	cpe:2.3:h:lg:f260k:-:::::::*
	cpe:2.3:h:lg:f260l:-:::::::*
	cpe:2.3:h:lg:f260s:-:::::::*
	cpe:2.3:h:lg:l21_:-:::::::*
	cpe:2.3:h:lg:lg870:-:::::::*
	cpe:2.3:h:lg:ls860:-:::::::*
	cpe:2.3:h:lg:ls970:-:::::::*
	cpe:2.3:h:lg:p760:-:::::::*
	cpe:2.3:h:lg:p769:-:::::::*
	cpe:2.3:h:lg:p780:-:::::::*
	cpe:2.3:h:lg:p875:-:::::::*
	cpe:2.3:h:lg:p875h:-:::::::*
	cpe:2.3:h:lg:p880:-:::::::*
	cpe:2.3:h:lg:p940:-:::::::*
	cpe:2.3:h:lg:su540:-:::::::*
	cpe:2.3:h:lg:su870:-:::::::*
	cpe:2.3:h:lg:us780:-:::::::*

History

No history.

Information

Published : 2020-02-12 16:15

Updated : 2024-02-28 17:28

NVD link : CVE-2013-3685

Mitre link : CVE-2013-3685

CVE.ORG link : CVE-2013-3685

JSON object : View

Products Affected

ls970
f240s
p780
f200l
f100k
f180l
su870
f120k
f160s
f200s
us780
p875h
e971
su540
f180s
e975t
e975k
f260l
f100l
p880
e977
f180k
f240l
e973
f160lv
f260s
f120l
l21_
f160k
lg870
ls860
f260k
p760
f160l
f240k
p769
f120s
p875
e975
f200k
f100s
p940
e976

spritesoftware

spritebud
spritebackup

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

7.0 /10