CVE-2013-4559
Published: 2013-11-20
Priority: P349 high; CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EPSS: 10.72% (95.3th percentile)
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
Affected (12 ranges; identical rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | lighttpd | < lighttpd 1.4.33-1+nmu1 (bookworm) | lighttpd 1.4.33-1+nmu1 (bookworm) |
| lighttpd | lighttpd | < 1.4.33 | 1.4.33 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu1 | 1.4.33-1+nmu1 |
| opensuse | opensuse | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | — | 7.6 | HIGH | — |
| vendor_debian | — | 7.6 | HIGH | — |
GHSA
GHSA-pfcc-94ff-p2cv (ghsa_unreviewed, 2022-05-13): CVE-2013-4559 [HIGH], same description as the entry above.
OSV
CVE-2013-4559 (osv, 2013-11-20, CVSS 7.6): [HIGH], same description as the entry above.
Debian
CVE-2013-4559: lighttpd (vendor_debian, 2013, CVSS 7.6): [HIGH], same description as the entry above.
Scope: local
bookworm: resolved (fixed in 1.4.33-1+nmu1)
bullseye: resolved (fixed in 1.4.33-1+nmu1)
forky: resolved (fixed in 1.4.33-1+nmu1)
sid: resolved (fixed in 1.4.33-1+nmu1)
trixie: resolved (fixed in 1.4.33-1+nmu1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4559 lighttpd: setuid/setgid/setgroups return value check (bugzilla, 2013-11-12, CVSS 7.6, [HIGH])
Stefan Bühler of the lighttpd project reports:
setuid/setgid/setgroups return values not checked
Description
Privilege escalation from lighttpd user ("www-data").
This bug was found with the clang static analyzer.
Attack scenario
In certain cases setuid() and similar can fail; if an environment limits
the number of processes a user can have, setuid() might fail if the target
uid already is at the limit.
A user who can execute processes with the same userid (for example by
having write access to CGI scripts) could clone() often; in this case
a lighttpd restart would end up with lighttpd running as root, and the
CGI scripts would run as root too.
It could be possible that remote users could trigger many processes t
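The fix class the advisory calls for, as an added example in C that is not lighttpd's own code: a privilege-drop helper that checks every setgroups/setgid/setuid return value, refuses to continue on failure, and re-reads the ids afterwards. The helper names drop_privileges and privileges_dropped and the target ids 33/33 are assumptions for the illustration.

```c
/* Added example, not lighttpd's code: drop privileges with every return
 * value checked, failing closed. drop_privileges/privileges_dropped are
 * hypothetical helper names. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Post-drop invariant: real and effective uid/gid equal the target. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Returns 0 on success, -1 on any failure; -1 must be treated as fatal,
 * since continuing is exactly how a restart ends up running as root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        fprintf(stderr, "refusing to drop to uid/gid 0\n");
        return -1;
    }
    /* Groups and gid first, while still privileged enough to set them. */
    if (setgroups(0, NULL) != 0) {
        fprintf(stderr, "setgroups: %s\n", strerror(errno));
        return -1;
    }
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid: %s\n", strerror(errno));
        return -1;
    }
    /* setuid() returns -1/EAGAIN when the target uid is at RLIMIT_NPROC,
     * the advisory's clone() scenario; unchecked, the process stays uid 0. */
    if (setuid(uid) != 0) {
        fprintf(stderr, "setuid: %s\n", strerror(errno));
        return -1;
    }
    /* Confirm the kernel reports the ids we asked for. */
    return privileges_dropped(uid, gid) ? 0 : -1;
}

int main(void)
{
    /* Constructed target ids (e.g. Debian's www-data is 33); fail closed. */
    return drop_privileges(33, 33) == 0 ? 0 : 1;
}
```

Run as root the program either ends up as uid 33 or exits non-zero; it never keeps serving as root.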
Bugzilla
CVE-2013-4560 CVE-2013-4559 lighttpd: various flaws [fedora-all] (bugzilla, 2013-11-12, CVSS 7.6, [HIGH])
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple
Bugzilla
CVE-2013-4560 CVE-2013-4559 lighttpd: various flaws [epel-all] (bugzilla, 2013-11-12, CVSS 7.6, [HIGH])
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multi
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware (arxiv_fulltext, 2022-12-29)
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
References
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
- http://jvn.jp/en/jp/JVN37417423/index.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://secunia.com/advisories/55682
- http://www.openwall.com/lists/oss-security/2013/11/12/4
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310
- https://www.debian.org/security/2013/dsa-2795