Issue #1035
closedSuperuser vulnerabilities - CVE-2013-[6768/6769/6770]
0%
Description
I hope it's a good idea to open a bug ticket about the forum topic: http://redmine.replicant.us/boards/9/topics/6837
Summary
Replicant seems to be vulnerable to several security related superuser issues.
More informations: http://forum.xda-developers.com/showthread.php?t=2525552
I only found one single specific patch:
https://plus.google.com/103583939320326217147/posts/YpJaDwsSPsX
But in the changelog are more fixes "CVE-2013-6768, CVE-2013-6769, CVE-2013-6770" listed:
https://play.google.com/store/apps/details?id=com.koushikdutta.superuser
As mentioned by the user: http://redmine.replicant.us/users/1149 it seems to be a good idea to shift the superuser app out from the com.android.settings and use the (updateble) stand alone version from f-droid:
https://f-droid.org/repository/browse/?fdfilter=superuser&fdid=com.koushikdutta.superuser