Candidate: CVE-2013-1813 PublicDate: 2013-11-23 11:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1813 http://www.openwall.com/lists/oss-security/2013/03/03/9 Description: util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. Ubuntu-Description: Notes: seth-arnold> "low" because mdev doesn't easily support nested directories Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965 Priority: negligible Discovered-by: Assigned-to: CVSS: Patches_busybox: upstream: http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784 upstream_busybox: released (1:1.20.0-8) hardy_busybox: ignored (reached end-of-life) lucid_busybox: ignored (reached end-of-life) oneiric_busybox: ignored (reached end-of-life) precise_busybox: ignored (reached end-of-life) precise/esm_busybox: ignored (end of ESM support, was needed) quantal_busybox: ignored (reached end-of-life) raring_busybox: ignored (reached end-of-life) saucy_busybox: ignored (reached end-of-life) trusty_busybox: not-affected (1:1.21.0-1ubuntu1) trusty/esm_busybox: not-affected (1:1.21.0-1ubuntu1) utopic_busybox: not-affected (1:1.22.0-8ubuntu1) vivid_busybox: not-affected (1:1.22.0-9ubuntu1) vivid/stable-phone-overlay_busybox: not-affected (1:1.22.0-9ubuntu1) vivid/ubuntu-core_busybox: not-affected (1:1.22.0-9ubuntu1) wily_busybox: not-affected (1:1.22.0-9ubuntu1) xenial_busybox: not-affected (1:1.22.0-9ubuntu1) esm-infra/xenial_busybox: not-affected (1:1.22.0-9ubuntu1) yakkety_busybox: not-affected (1:1.22.0-9ubuntu1) zesty_busybox: not-affected (1:1.22.0-9ubuntu1) artful_busybox: not-affected (1:1.22.0-9ubuntu1) bionic_busybox: not-affected (1:1.22.0-9ubuntu1) cosmic_busybox: not-affected (1:1.22.0-9ubuntu1) disco_busybox: not-affected (1:1.22.0-9ubuntu1) eoan_busybox: not-affected (1:1.22.0-9ubuntu1) focal_busybox: not-affected (1:1.22.0-9ubuntu1) groovy_busybox: not-affected (1:1.22.0-9ubuntu1) hirsute_busybox: not-affected (1:1.22.0-9ubuntu1) devel_busybox: not-affected (1:1.22.0-9ubuntu1)