CVE-2013-4559 — Lighttpd vulnerability

CWE-2648 documents6 sources

Severity

7.6HIGHNVD

EPSS

9.5%

top 7.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lighttpd Debian Lighttpd Debian Linux +1 more

Timeline

PublishedNov 20

Latest updateDec 29

Description

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/lighttpd< lighttpd 1.4.33-1+nmu1 (bookworm)

▶NVDlighttpd/lighttpd< 1.4.33

▶Debianlighttpd/lighttpd< 1.4.33-1+nmu1+3

▶NVDopensuse/opensuse12.2, 12.3, 13.1+2

Also affects: Debian Linux 6.0, 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-pfcc-94ff-p2cv: lighttpd before 1↗2022-05-13

▶

OSV

CVE-2013-4559: lighttpd before 1↗2013-11-20

▶

📋Vendor Advisories

Debian

CVE-2013-4559: lighttpd - lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) se...↗2013

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2013-4559 lighttpd: setuid/setgid/setgroups return value check↗2013-11-12

▶

Bugzilla

CVE-2013-4560 CVE-2013-4559 lighttpd: various flaws [fedora-all]↗2013-11-12

▶

Bugzilla

CVE-2013-4560 CVE-2013-4559 lighttpd: various flaws [epel-all]↗2013-11-12

▶