CVE-2013-6825

Published Jun 10, 2014

Last updated 3 months ago

CVSS info 7.2

Overview

Description: (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF9DD94E-E230-4F08-8C43-B3A60D96642F",
            "versionEndIncluding": "3.6.1"
          },
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEF22C24-BE1C-455D-8AE2-B3D09F1B401A"
          },
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A01BFBE0-2251-4EE7-B2AB-44A3436B2849"
          },
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:3.5.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "902CB6FA-4339-4707-ACE1-AA2004C7A728"
          },
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "951D1185-1520-4EC6-A18B-234C5E1120C9"
          },
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB58D66E-5923-4FB4-9FB9-C77D349CBEF6"
          },
          {
            "criteria": "cpe:2.3:a:offis:dcmtk:3.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B827279-90B7-4C17-9586-16E8869BD472"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References