CVE-2013-3685

A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.

CVSS v3 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/60749	Third Party Advisory VDB Entry
https://androidvulnerabilities.org/all	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296	Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2013/Jun/196	Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/bid/60749	Third Party Advisory VDB Entry
https://androidvulnerabilities.org/all	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85296	Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2013/Jun/196	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:spritesoftware:spritebackup:2.5.4105:::::::*
	cpe:2.3:a:spritesoftware:spritebackup:2.5.4108:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.24:::::::*
	cpe:2.3:a:spritesoftware:spritebud:1.3.28:::::::*

OR	cpe:2.3:h:lg:e971:-:::::::*
	cpe:2.3:h:lg:e973:-:::::::*
	cpe:2.3:h:lg:e975:-:::::::*
	cpe:2.3:h:lg:e975k:-:::::::*
	cpe:2.3:h:lg:e975t:-:::::::*
	cpe:2.3:h:lg:e976:-:::::::*
	cpe:2.3:h:lg:e977:-:::::::*
	cpe:2.3:h:lg:f100k:-:::::::*
	cpe:2.3:h:lg:f100l:-:::::::*
	cpe:2.3:h:lg:f100s:-:::::::*
	cpe:2.3:h:lg:f120k:-:::::::*
	cpe:2.3:h:lg:f120l:-:::::::*
	cpe:2.3:h:lg:f120s:-:::::::*
	cpe:2.3:h:lg:f160k:-:::::::*
	cpe:2.3:h:lg:f160l:-:::::::*
	cpe:2.3:h:lg:f160lv:-:::::::*
	cpe:2.3:h:lg:f160s:-:::::::*
	cpe:2.3:h:lg:f180k:-:::::::*
	cpe:2.3:h:lg:f180l:-:::::::*
	cpe:2.3:h:lg:f180s:-:::::::*
	cpe:2.3:h:lg:f200k:-:::::::*
	cpe:2.3:h:lg:f200l:-:::::::*
	cpe:2.3:h:lg:f200s:-:::::::*
	cpe:2.3:h:lg:f240k:-:::::::*
	cpe:2.3:h:lg:f240l:-:::::::*
	cpe:2.3:h:lg:f240s:-:::::::*
	cpe:2.3:h:lg:f260k:-:::::::*
	cpe:2.3:h:lg:f260l:-:::::::*
	cpe:2.3:h:lg:f260s:-:::::::*
	cpe:2.3:h:lg:l21_:-:::::::*
	cpe:2.3:h:lg:lg870:-:::::::*
	cpe:2.3:h:lg:ls860:-:::::::*
	cpe:2.3:h:lg:ls970:-:::::::*
	cpe:2.3:h:lg:p760:-:::::::*
	cpe:2.3:h:lg:p769:-:::::::*
	cpe:2.3:h:lg:p780:-:::::::*
	cpe:2.3:h:lg:p875:-:::::::*
	cpe:2.3:h:lg:p875h:-:::::::*
	cpe:2.3:h:lg:p880:-:::::::*
	cpe:2.3:h:lg:p940:-:::::::*
	cpe:2.3:h:lg:su540:-:::::::*
	cpe:2.3:h:lg:su870:-:::::::*
	cpe:2.3:h:lg:us780:-:::::::*

History

21 Nov 2024, 01:54

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/60749 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/60749 - Third Party Advisory, VDB Entry
References	~~() https://androidvulnerabilities.org/all - Third Party Advisory~~	() https://androidvulnerabilities.org/all - Third Party Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/85296 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/85296 - Third Party Advisory, VDB Entry
References	~~() https://seclists.org/fulldisclosure/2013/Jun/196 - Exploit, Mailing List, Third Party Advisory~~	() https://seclists.org/fulldisclosure/2013/Jun/196 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2020-02-12 16:15

Updated : 2024-11-21 01:54

NVD link : CVE-2013-3685

Mitre link : CVE-2013-3685

CVE.ORG link : CVE-2013-3685

JSON object : View

Products Affected

ls970
p940
f260s
f240k
f260k
e975t
ls860
us780
p875
f200k
f240l
lg870
e975k
p769
f100s
f180l
e976
su540
f120s
e971
p780
e973
f160s
f180k
f200s
f160lv
e977
su870
p880
e975
f160k
f160l
f200l
p875h
l21_
f100k
f120k
f120l
f100l
f180s
f260l
p760
f240s

spritesoftware

spritebackup
spritebud

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2013-3685", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2020-02-12T16:15:10.863", "references": [{"url": "http://www.securityfocus.com/bid/60749", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://androidvulnerabilities.org/all", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85296", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2013/Jun/196", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/60749", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://androidvulnerabilities.org/all", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85296", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/fulldisclosure/2013/Jun/196", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges."}, {"lang": "es", "value": "Se presenta una Vulnerabilidad de Escalada de Privilegios en Sprite Software Spritebud versiones 1.3.24 y 1.3.28 y Backup versiones 2.5.4105 y 2.5.4108, en los tel\u00e9fonos inteligentes LG con Android debido a una condici\u00f3n de carrera en el demonio spritebud, lo que podr\u00eda permitir a un usuario malicioso local obtener privilegios root."}], "lastModified": "2024-11-21T01:54:07.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spritesoftware:spritebackup:2.5.4105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFFC8DFD-2240-4304-B2D6-ECB08A3B8AF6"}, {"criteria": "cpe:2.3:a:spritesoftware:spritebackup:2.5.4108:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "632069F4-CEB5-4EFA-9710-E34E65AF1C51"}, {"criteria": "cpe:2.3:a:spritesoftware:spritebud:1.3.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B404B43-89D1-4BEE-ABF2-6703D8093CE3"}, {"criteria": "cpe:2.3:a:spritesoftware:spritebud:1.3.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DEFDC5D-B03B-4DF5-BA50-62622A3FCE32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lg:e971:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD545CFF-DBC8-4E41-98D4-20EE220B2AD4"}, {"criteria": "cpe:2.3:h:lg:e973:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28465EE7-D621-465E-89BB-0F4A075775EB"}, {"criteria": "cpe:2.3:h:lg:e975:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6C5C0A01-0B32-46CC-803E-69ADD0FC426B"}, {"criteria": "cpe:2.3:h:lg:e975k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D3DA3E48-B720-4C82-9EFE-3D5D337CBA14"}, {"criteria": "cpe:2.3:h:lg:e975t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F20E2AA-736D-4936-81EE-4F2D2436AC0F"}, {"criteria": "cpe:2.3:h:lg:e976:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "390967E9-631B-43A8-8973-BA7B0FC402D1"}, {"criteria": "cpe:2.3:h:lg:e977:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1E4328D-0647-4536-AE1B-48654519DA5E"}, {"criteria": "cpe:2.3:h:lg:f100k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B87C1170-D1A5-4788-AFEA-7B322DB7E994"}, {"criteria": "cpe:2.3:h:lg:f100l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5506FA79-7883-42FB-B04B-0A6F7F2FBFFE"}, {"criteria": "cpe:2.3:h:lg:f100s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1AE75DB4-9CE4-4815-A239-A39B9A32C4D8"}, {"criteria": "cpe:2.3:h:lg:f120k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97056264-628F-4552-91B0-2C0D740CE114"}, {"criteria": "cpe:2.3:h:lg:f120l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C569BBF3-34C2-4728-8622-61A51E9F9CA7"}, {"criteria": "cpe:2.3:h:lg:f120s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2D1A602-43ED-4D68-8E74-61BE953CDB4A"}, {"criteria": "cpe:2.3:h:lg:f160k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDE7D073-AB7D-4970-9EB0-84542C9B9407"}, {"criteria": "cpe:2.3:h:lg:f160l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24EC506F-57A4-4A63-ABE9-1AEBF6338958"}, {"criteria": "cpe:2.3:h:lg:f160lv:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80FB122E-CBB5-4371-A23D-7915A9798400"}, {"criteria": "cpe:2.3:h:lg:f160s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDDE76E7-F2A6-4D8D-B7C2-A52EA64744D7"}, {"criteria": "cpe:2.3:h:lg:f180k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3526651A-4D7E-40AB-8AA0-958824F9C8FE"}, {"criteria": "cpe:2.3:h:lg:f180l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F14EDFD1-9EE8-4AB5-AB02-EDAAD255FDAA"}, {"criteria": "cpe:2.3:h:lg:f180s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E383F9D-F709-44AD-A409-2B049629D7A6"}, {"criteria": "cpe:2.3:h:lg:f200k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75976A47-4513-4AEE-B841-1404E14238FE"}, {"criteria": "cpe:2.3:h:lg:f200l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ECDF512F-B2E4-422B-835C-35F5046A50A7"}, {"criteria": "cpe:2.3:h:lg:f200s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20EBE16F-F2F2-4A4B-934C-25EDDA9570DD"}, {"criteria": "cpe:2.3:h:lg:f240k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FEBD8DA-E781-4E0F-A0F0-97173D8451CB"}, {"criteria": "cpe:2.3:h:lg:f240l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D211699E-7672-4E4E-8F4A-BA07F3C6996D"}, {"criteria": "cpe:2.3:h:lg:f240s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB59C7C7-3F50-4CCF-9A43-649D8F14F799"}, {"criteria": "cpe:2.3:h:lg:f260k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EFBAD25-BC6B-4CBD-846B-5940FC2E40E7"}, {"criteria": "cpe:2.3:h:lg:f260l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E57BEB5-81A8-4010-86C4-096CDB7B1F68"}, {"criteria": "cpe:2.3:h:lg:f260s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF6FEADC-37EB-4F5F-9CF1-026D41368AF2"}, {"criteria": "cpe:2.3:h:lg:l21_:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B9966D1-E909-4FF3-9B83-7C2855BF843D"}, {"criteria": "cpe:2.3:h:lg:lg870:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B31580F0-A38C-410A-A1A6-E997F645175E"}, {"criteria": "cpe:2.3:h:lg:ls860:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB31FF1B-4A20-4D3A-9578-45C6868E6293"}, {"criteria": "cpe:2.3:h:lg:ls970:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B3AA19E-2594-4DE0-A6FF-6B718BEF0013"}, {"criteria": "cpe:2.3:h:lg:p760:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDDDF369-26A3-4612-81B0-3CA8AFF7A509"}, {"criteria": "cpe:2.3:h:lg:p769:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E012370-8F1D-44B9-B68E-A35094664F23"}, {"criteria": "cpe:2.3:h:lg:p780:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77680753-CD31-4E85-A62C-16BAE969E4DF"}, {"criteria": "cpe:2.3:h:lg:p875:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "817FE253-6EC3-43A2-8B4F-FC054DC81835"}, {"criteria": "cpe:2.3:h:lg:p875h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F558773-5510-45B9-A482-F512F5348111"}, {"criteria": "cpe:2.3:h:lg:p880:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BB59DDA-31A1-4B5F-AC26-603D74C0B661"}, {"criteria": "cpe:2.3:h:lg:p940:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDE63A3A-E3A8-4E78-8F22-6E8F7054F77E"}, {"criteria": "cpe:2.3:h:lg:su540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F15C007-262E-4F40-A9AD-2D63C10CD406"}, {"criteria": "cpe:2.3:h:lg:su870:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F82456D4-A9F2-433D-9658-DF6DEE33AEA1"}, {"criteria": "cpe:2.3:h:lg:us780:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4489811-24F5-4DB7-9D43-6E301D2B64CC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.0 /10