CVE-2013-1813
First published: Sat Nov 23 2013(Updated: )
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =6.0 | |
| ASUS TM-AC1900 | =3.0.0.4.376_3169 | |
| BusyBox | <=1.20.2 | |
| BusyBox | =0.38 | |
| BusyBox | =0.39 | |
| BusyBox | =0.40 | |
| BusyBox | =0.41 | |
| BusyBox | =0.42 | |
| BusyBox | =0.43 | |
| BusyBox | =0.45 | |
| BusyBox | =0.46 | |
| BusyBox | =0.47 | |
| BusyBox | =0.48 | |
| BusyBox | =0.49 | |
| BusyBox | =0.50 | |
| BusyBox | =0.51 | |
| BusyBox | =0.52 | |
| BusyBox | =0.60.0 | |
| BusyBox | =0.60.1 | |
| BusyBox | =0.60.2 | |
| BusyBox | =0.60.3 | |
| BusyBox | =0.60.4 | |
| BusyBox | =0.60.5 | |
| BusyBox | =1.00 | |
| BusyBox | =1.01 | |
| BusyBox | =1.1.0 | |
| BusyBox | =1.1.1 | |
| BusyBox | =1.1.2 | |
| BusyBox | =1.1.3 | |
| BusyBox | =1.2.0 | |
| BusyBox | =1.2.1 | |
| BusyBox | =1.2.2 | |
| BusyBox | =1.2.2.1 | |
| BusyBox | =1.3.0 | |
| BusyBox | =1.3.1 | |
| BusyBox | =1.3.2 | |
| BusyBox | =1.4.0 | |
| BusyBox | =1.4.1 | |
| BusyBox | =1.4.2 | |
| BusyBox | =1.5.0 | |
| BusyBox | =1.5.1 | |
| BusyBox | =1.6.0 | |
| BusyBox | =1.6.1 | |
| BusyBox | =1.7.0 | |
| BusyBox | =1.7.1 | |
| BusyBox | =1.7.2 | |
| BusyBox | =1.7.3 | |
| BusyBox | =1.8.0 | |
| BusyBox | =1.8.1 | |
| BusyBox | =1.8.2 | |
| BusyBox | =1.9.0 | |
| BusyBox | =1.9.1 | |
| BusyBox | =1.9.2 | |
| BusyBox | =1.10.0 | |
| BusyBox | =1.10.1 | |
| BusyBox | =1.10.2 | |
| BusyBox | =1.10.3 | |
| BusyBox | =1.10.4 | |
| BusyBox | =1.11.0 | |
| BusyBox | =1.11.1 | |
| BusyBox | =1.11.2 | |
| BusyBox | =1.11.3 | |
| BusyBox | =1.12.0 | |
| BusyBox | =1.12.1 | |
| BusyBox | =1.12.2 | |
| BusyBox | =1.12.3 | |
| BusyBox | =1.12.4 | |
| BusyBox | =1.13.0 | |
| BusyBox | =1.13.1 | |
| BusyBox | =1.13.2 | |
| BusyBox | =1.13.3 | |
| BusyBox | =1.13.4 | |
| BusyBox | =1.14.0 | |
| BusyBox | =1.14.1 | |
| BusyBox | =1.14.2 | |
| BusyBox | =1.14.3 | |
| BusyBox | =1.14.4 | |
| BusyBox | =1.15.0 | |
| BusyBox | =1.15.1 | |
| BusyBox | =1.15.2 | |
| BusyBox | =1.15.3 | |
| BusyBox | =1.16.0 | |
| BusyBox | =1.16.1 | |
| BusyBox | =1.16.2 | |
| BusyBox | =1.17.0 | |
| BusyBox | =1.17.1 | |
| BusyBox | =1.17.2 | |
| BusyBox | =1.17.3 | |
| BusyBox | =1.17.4 | |
| BusyBox | =1.18.0 | |
| BusyBox | =1.18.1 | |
| BusyBox | =1.18.2 | |
| BusyBox | =1.18.3 | |
| BusyBox | =1.18.4 | |
| BusyBox | =1.18.5 | |
| BusyBox | =1.19.0 | |
| BusyBox | =1.19.2 | |
| BusyBox | =1.19.3 | |
| BusyBox | =1.19.4 | |
| BusyBox | =1.20.0 | |
| BusyBox | =1.20.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965
- http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784
- http://lists.busybox.net/pipermail/busybox/2013-January/078864.html
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- http://rhn.redhat.com/errata/RHSA-2013-1732.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2020/Aug/20
- http://seclists.org/fulldisclosure/2020/Mar/15
- https://seclists.org/bugtraq/2019/Jun/14
- https://support.t-mobile.com/docs/DOC-21994
Frequently Asked Questions
What is the severity of CVE-2013-1813?
CVE-2013-1813 is considered a moderate vulnerability due to the improper permission settings that can lead to unauthorized access by local users.
How do I fix CVE-2013-1813?
To fix CVE-2013-1813, upgrade BusyBox to version 1.21.0 or later where the permission issue is addressed.
Which versions of BusyBox are affected by CVE-2013-1813?
CVE-2013-1813 affects BusyBox versions prior to 1.21.0, including all versions up to and including 1.20.2.
What attack vectors are associated with CVE-2013-1813?
CVE-2013-1813 can allow local users to exploit the excessive permissions on parent directories to gain unauthorized access or execute arbitrary commands.
Is CVE-2013-1813 specific to any operating systems?
CVE-2013-1813 is especially relevant to systems running affected versions of BusyBox, commonly seen in certain distributions like Red Hat Enterprise Linux 6.0 and certain routers.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- vendor/t-mobile
- canonical/asus tm-ac1900
- version/asus tm-ac1900/3.0.0.4.376_3169
- vendor/busybox
- canonical/busybox
- version/busybox/1.20.2
- version/busybox/0.38
- version/busybox/0.39
- version/busybox/0.40
- version/busybox/0.41
- version/busybox/0.42
- version/busybox/0.43
- version/busybox/0.45
- version/busybox/0.46
- version/busybox/0.47
- version/busybox/0.48
- version/busybox/0.49
- version/busybox/0.50
- version/busybox/0.51
- version/busybox/0.52
- version/busybox/0.60.0
- version/busybox/0.60.1
- version/busybox/0.60.2
- version/busybox/0.60.3
- version/busybox/0.60.4
- version/busybox/0.60.5
- version/busybox/1.00
- version/busybox/1.01
- version/busybox/1.1.0
- version/busybox/1.1.1
- version/busybox/1.1.2
- version/busybox/1.1.3
- version/busybox/1.2.0
- version/busybox/1.2.1
- version/busybox/1.2.2
- version/busybox/1.2.2.1
- version/busybox/1.3.0
- version/busybox/1.3.1
- version/busybox/1.3.2
- version/busybox/1.4.0
- version/busybox/1.4.1
- version/busybox/1.4.2
- version/busybox/1.5.0
- version/busybox/1.5.1
- version/busybox/1.6.0
- version/busybox/1.6.1
- version/busybox/1.7.0
- version/busybox/1.7.1
- version/busybox/1.7.2
- version/busybox/1.7.3
- version/busybox/1.8.0
- version/busybox/1.8.1
- version/busybox/1.8.2
- version/busybox/1.9.0
- version/busybox/1.9.1
- version/busybox/1.9.2
- version/busybox/1.10.0
- version/busybox/1.10.1
- version/busybox/1.10.2
- version/busybox/1.10.3
- version/busybox/1.10.4
- version/busybox/1.11.0
- version/busybox/1.11.1
- version/busybox/1.11.2
- version/busybox/1.11.3
- version/busybox/1.12.0
- version/busybox/1.12.1
- version/busybox/1.12.2
- version/busybox/1.12.3
- version/busybox/1.12.4
- version/busybox/1.13.0
- version/busybox/1.13.1
- version/busybox/1.13.2
- version/busybox/1.13.3
- version/busybox/1.13.4
- version/busybox/1.14.0
- version/busybox/1.14.1
- version/busybox/1.14.2
- version/busybox/1.14.3
- version/busybox/1.14.4
- version/busybox/1.15.0
- version/busybox/1.15.1
- version/busybox/1.15.2
- version/busybox/1.15.3
- version/busybox/1.16.0
- version/busybox/1.16.1
- version/busybox/1.16.2
- version/busybox/1.17.0
- version/busybox/1.17.1
- version/busybox/1.17.2
- version/busybox/1.17.3
- version/busybox/1.17.4
- version/busybox/1.18.0
- version/busybox/1.18.1
- version/busybox/1.18.2
- version/busybox/1.18.3
- version/busybox/1.18.4
- version/busybox/1.18.5
- version/busybox/1.19.0
- version/busybox/1.19.2
- version/busybox/1.19.3
- version/busybox/1.19.4
- version/busybox/1.20.0
- version/busybox/1.20.1