CVE-2013-6876 - s3dvt root shell

Hector Marco Gisbert, Ismael Ripoll

Research output: Other contribution


A bug in s3dvt for versions prior to 0.2.2 has been found. The bug is caused by not checking the return values of setuid() and getuid() calls. The process must not continue its normal execution when any of these calls fail (return an error) to drop privileges.
Original languageEnglish
Publication statusPublished - 25 Mar 2014

Cite this