what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Kevin Cernekee

Android 4.3 Superuser Root Privilege Escalation

Posted Nov 14, 2013

Authored by Kevin Cernekee

The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root.

tags | exploit, root

advisories | CVE-2013-6770

SHA-256 | 720557d982f3ef8aaa06d07b9d53d8da0492b2a5ee7ee8cdb30161f8cc7b9f96

Download | Favorite | View

Android 4.2.x Superuser Shell Character Escape

Posted Nov 14, 2013

Authored by Kevin Cernekee

Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root. These issues are due to a shell character escape vulnerability.

tags | exploit, arbitrary, shell, root

advisories | CVE-2013-6769

SHA-256 | f6134df3ff0263a6cd72271f82d052f4901243c942b8062a434fa2292a742fab

Download | Favorite | View

Android 4.2.x Superuser Unsanitized Environment

Posted Nov 14, 2013

Authored by Kevin Cernekee

Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner. This advisoriy documents PATH and BOOTCLASSPATH vulnerabilities.

tags | exploit, arbitrary, root

advisories | CVE-2013-6768, CVE-2013-6774

SHA-256 | 12b763de306db7a0f6da5ae622fa69aa12764251a01b3dfaf8577292ab988109

Download | Favorite | View