CVE-2013-6825
Published 2014-06-10
Priority P4 · 27 · high · 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.49% (38.4th percentile)
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dcmtk | < dcmtk 3.6.1~20150629-1 (bookworm) | dcmtk 3.6.1~20150629-1 (bookworm) |
| offis | dcmtk | <= 3.6.1 | — |
| offis | dcmtk | — | — |
| offis | dcmtk | — | — |
| offis | dcmtk | — | — |
| offis | dcmtk | — | — |
| offis | dcmtk | — | — |
| offis | dcmtk | — | — |
| offis | dcmtk | >= 0 < 3.6.1~20150629-1 | 3.6.1~20150629-1 |
| offis | dcmtk | >= 0 < 3.6.1~20150629-1 | 3.6.1~20150629-1 |
| offis | dcmtk | >= 0 < 3.6.1~20150629-1 | 3.6.1~20150629-1 |
| offis | dcmtk | >= 0 < 3.6.1~20150629-1 | 3.6.1~20150629-1 |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 7.2 HIGH
vendor_debian · 7.2 LOW
Debian
CVE-2013-6825: dcmtk - (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4...
vendor_debian·2013·CVSS 7.2
Scope: local
bookworm: resolved (fixed in 3.6.1~20150629-1)
bullseye: resolved (fixed in 3.6.1~20150629-1)
forky: resolved (fixed in 3.6.1~20150629-1)
sid: resolved (fixed in 3.6.1~20150629-1)
trixie: resolved (fixed in 3.6.1~20150629-1)
GHSA
GHSA-9xf4-22r3-7ccc: (1) movescu
ghsa_unreviewed·2022-05-14
OSV
CVE-2013-6825: (1) movescu
osv·2014-06-10·CVSS 7.2
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
bugzilla·2014-06-03·CVSS 7.2
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multi
Bugzilla
CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails
bugzilla·2014-06-03·CVSS 7.2
It was reported that a number of dcmtk utilities did not handle setuid() failures. If the setuid() call failed, the utilities would continue running with elevated privileges, possibly leading to privilege escalation.
The original report notes the following limitations:
""
- the tool is installed with suid bit
- the tool is run from an unprivileged user
- the kernel is configured to limit the number of processes per user
""
From looking at the spec file, it seems the suid bit is not used, so these may not be exploitable on Fedora.
Upstream fix: http://hmarco.org/bugs/patches/dcmtk-3.6.1-drop-privileges-fixed.patch
References:
http://packetstormsecurity.com/files/126883/dcmtk-escalate.txt
http://hmarco.org/bugs/dcmtk-
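The failure mode described in the report above, as an added example (not DCMTK's code and not the upstream patch): an unchecked privilege drop next to a checked and verified one. The names `setuid_at_limit`, `drop_unchecked` and `drop_checked` are hypothetical, the failing `setuid` is a constructed stand-in, and dropping to the invoking user's real uid is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as setuid(2); injectable so the failure path can be
 * exercised without root or a real per-user process limit. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in: fails with EAGAIN, the error setuid(2) documents
 * for a target user that is at its process limit. Changes nothing. */
static int setuid_at_limit(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Pattern from the advisory: result ignored, so the caller always proceeds.
 * Returns 1 ("keep running") whether or not privileges were dropped. */
static int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    (void)do_setuid(target);
    return 1;
}

/* Hardened form: proceed only if the call succeeded AND the process
 * really holds the target uid as both real and effective uid. */
static int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%ld) failed: %s\n", (long)target, strerror(errno));
        return 0;
    }
    return getuid() == target && geteuid() == target;
}

int main(void)
{
    uid_t real = getuid();   /* assumption: drop to the invoking user */

    printf("unchecked, setuid fails: continue=%d\n", drop_unchecked(setuid_at_limit, real));
    printf("checked,   setuid fails: continue=%d\n", drop_checked(setuid_at_limit, real));

    /* Real call: a service must exit here rather than continue elevated. */
    if (!drop_checked(setuid, real))
        return 1;
    printf("running as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```
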
arXiv
Timeloops: Automatic System Call Policy Learning for Containerized Microservices
arxiv_fulltext·2022-09-26
Meghna Pancholi (Columbia University), Andreas D. Kellas (Columbia University), Vasileios P. Kemerlis (Brown University), Simha Sethumadhavan (Columbia University)
## Abstract
We introduce Timeloops, a novel technique for automatically learning system
call filtering policies for containerized microservices applications. At
run-time, Timeloops automatically learns which system calls a program should
be allowed to invoke, while rejecting attempts to call spurious system calls.
Further, Timeloops addresses many of the shortcomings of state-of-the-art
static analysis-based techniques, such as the ability to generate tight filters
for programs written in interpreted languages such as PHP, Python, and
JavaScript. Timeloops has a simple and rob
http://git.dcmtk.org/web?p=dcmtk.git%3Ba=blob%3Bf=CHANGES.361
http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jun/11
http://secunia.com/advisories/58916
http://www.securityfocus.com/archive/1/532261/100/0/threaded
http://www.securityfocus.com/bid/67784