CVE-2013-1813

Description

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

How to fix CVE-2013-1813

To remediate CVE-2013-1813, upgrade the affected package to a fixed version below.

• Debian/busybox—upgrade to 1:1.20.0-8 or later

Is CVE-2013-1813 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.20.0-8

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-1813