CVE-2013-4777

medium

Published 2013-09-25 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J
https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.