PT-2014-3199 · Cyanogenmod+2 · Cyanogenmod/Clockworkmod/Koush Superuser+2

Published: 2014-03-30 · Updated: 2015-11-10 · CVE-2013-6774

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ChainsDD Superuser versions 3.1.3 and earlier
CyanogenMod/ClockWorkMod/Koush Superuser versions 1.0.2.1 and earlier
Chainfire SuperSU versions prior to 1.69

Description

The issue allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. This can be exploited by modifying the BOOTCLASSPATH variable to point to a malicious .jar file.

Recommendations

For ChainsDD Superuser versions 3.1.3 and earlier, update to a version later than 3.1.3.
For CyanogenMod/ClockWorkMod/Koush Superuser versions 1.0.2.1 and earlier, update to a version later than 1.0.2.1.
For Chainfire SuperSU versions prior to 1.69, update to version 1.69 or later.

Related Identifiers

CVE-2013-6774

Affected Products

Chainfire Supersu
Chainsdd Superuser
Cyanogenmod/Clockworkmod/Koush Superuser