The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /syste