CVE-2013-6825

https://notcve.org/view.php?id=CVE-2013-6825

(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes. (1) movescu.cc y (2) storescp.cc en dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc y (6) dcmpsrcv.cc en dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc y (8) dcmqrdb/apps/dcmqrscp.cc en DCMTK 3.6.1 y anteriores no comprueba el valor de retorno de la llamada de sistema setuid, lo que permite a usuarios locales ganar privilegios mediante la creación de un número grande de procesos. • http://git.dcmtk.org/web?p=dcmtk.git%3Ba=blob%3Bf=CHANGES.361 http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html http://seclists.org/fulldisclosure/2014/Jun/11 http://secunia.com/advisories/58916 http://www.securityfocus.com/archive/1/532261/100/0/threaded http://www.securityfocus.com/bid/67784 • CWE-264: Permissions, Privileges, and Access Controls •