CVE-2013-6825
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
(1) movescu.cc y (2) storescp.cc en dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc y (6) dcmpsrcv.cc en dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc y (8) dcmqrdb/apps/dcmqrscp.cc en DCMTK 3.6.1 y anteriores no comprueba el valor de retorno de la llamada de sistema setuid, lo que permite a usuarios locales ganar privilegios mediante la creación de un número grande de procesos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-11-19 CVE Reserved
- 2014-06-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://git.dcmtk.org/web?p=dcmtk.git%3Ba=blob%3Bf=CHANGES.361 | X_refsource_confirm | |
| http://seclists.org/fulldisclosure/2014/Jun/11 | Mailing List |
|
| http://secunia.com/advisories/58916 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/532261/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/67784 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | <= 3.6.1 Search vendor "Offis" for product "Dcmtk" and version " <= 3.6.1" | - |
Affected
| ||||||
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | 3.5.1 Search vendor "Offis" for product "Dcmtk" and version "3.5.1" | - |
Affected
| ||||||
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | 3.5.2 Search vendor "Offis" for product "Dcmtk" and version "3.5.2" | - |
Affected
| ||||||
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | 3.5.2a Search vendor "Offis" for product "Dcmtk" and version "3.5.2a" | - |
Affected
| ||||||
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | 3.5.3 Search vendor "Offis" for product "Dcmtk" and version "3.5.3" | - |
Affected
| ||||||
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | 3.5.4 Search vendor "Offis" for product "Dcmtk" and version "3.5.4" | - |
Affected
| ||||||
| Offis Search vendor "Offis" | Dcmtk Search vendor "Offis" for product "Dcmtk" | 3.6.0 Search vendor "Offis" for product "Dcmtk" and version "3.6.0" | - |
Affected
| ||||||