cbcvebase.
CVE-2013-6825
published 2014-06-10

CVE-2013-6825: (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in…

PriorityP427high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
0.49%
38.4th percentile
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.

Affected

12 ranges
VendorProductVersion rangeFixed in
debiandcmtk< dcmtk 3.6.1~20150629-1 (bookworm)dcmtk 3.6.1~20150629-1 (bookworm)
offisdcmtk<= 3.6.1
offisdcmtk
offisdcmtk
offisdcmtk
offisdcmtk
offisdcmtk
offisdcmtk
offisdcmtk>= 0 < 3.6.1~20150629-13.6.1~20150629-1
offisdcmtk>= 0 < 3.6.1~20150629-13.6.1~20150629-1
offisdcmtk>= 0 < 3.6.1~20150629-13.6.1~20150629-1
offisdcmtk>= 0 < 3.6.1~20150629-13.6.1~20150629-1

CVSS provenance

nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.