CVE-2013-6825 - DCMTK 3.6.1 - root privilege escalation

Hector Marco, Ismael Ripoll

Research output: Research / Other contribution

Abstract

A bug has been found in DCMTK versions prior to 3.6.1. The bug is caused by not checking the return value of the setuid() call. When this call fails (returns an error) to drop privileges, the process must not continue its normal execution.

Language: English
Type: CVE-2013-6825
Publisher: http://hmarco.org
State: Published - 25 Mar 2014
