CVE-2013-6825
Published Jun 10, 2014
Last updated a year ago
Overview
- Description
- (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF9DD94E-E230-4F08-8C43-B3A60D96642F",
"versionEndIncluding": "3.6.1"
},
{
"criteria": "cpe:2.3:a:offis:dcmtk:3.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEF22C24-BE1C-455D-8AE2-B3D09F1B401A"
},
{
"criteria": "cpe:2.3:a:offis:dcmtk:3.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A01BFBE0-2251-4EE7-B2AB-44A3436B2849"
},
{
"criteria": "cpe:2.3:a:offis:dcmtk:3.5.2a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "902CB6FA-4339-4707-ACE1-AA2004C7A728"
},
{
"criteria": "cpe:2.3:a:offis:dcmtk:3.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "951D1185-1520-4EC6-A18B-234C5E1120C9"
},
{
"criteria": "cpe:2.3:a:offis:dcmtk:3.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB58D66E-5923-4FB4-9FB9-C77D349CBEF6"
},
{
"criteria": "cpe:2.3:a:offis:dcmtk:3.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B827279-90B7-4C17-9586-16E8869BD472"
}
],
"operator": "OR"
}
]
}
]