CVE-2013-1813Busybox vulnerability

CWE-2648 documents7 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 74.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
BusyboxRedhat Enterprise LinuxT-mobile Tm-ac1900
Timeline
PublishedNov 23
Latest updateMay 13

Description

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

Debianbusybox/busybox< 1:1.20.0-8+3
NVDbusybox/busybox1.20.2+98
NVDt-mobile/tm-ac19003.0.0.4.376_3169

Also affects: Enterprise Linux 6.0

Patches

Patch: git.busybox.netPatch: git.busybox.net

🔴Vulnerability Details

3
GHSA
GHSA-gv44-p9m5-qjmr: util-linux/mdev2022-05-13
CVEList
CVE-2013-1813: util-linux/mdev2013-11-23
OSV
CVE-2013-1813: util-linux/mdev2013-11-23

📋Vendor Advisories

2
Red Hat
busybox: insecure directory permissions in /dev2013-03-01
Debian
CVE-2013-1813: busybox - util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent dire...2013

💬Community

2
Bugzilla
CVE-2013-1813 busybox: insecure directory permissions in /dev2013-03-08
Bugzilla
CVE-2013-1813 busybox: insecure directory permissions in /dev [fedora-all]2013-03-08
CVE-2013-1813 — Busybox vulnerability | cvebase