CVE-2013-6825 - DCMTK 3.6.1 - root privilege escalation

Hector Marco, Ismael Ripoll

Research output: Other contribution

Abstract

A bug in DCMTK for versions prior to 3.6.1 has been found. The bug is caused by not checking the return value of setuid() call. The process must not continue its normal execution when this call fails (return an error) to drop privileges.
Original languageEnglish
TypeCVE-2013-6825
Publisherhttp://hmarco.org
Publication statusPublished - 25 Mar 2014

Fingerprint

Dive into the research topics of 'CVE-2013-6825 - DCMTK 3.6.1 - root privilege escalation'. Together they form a unique fingerprint.

Cite this