CVE-2013-6876 -  s3dvt root shell

Hector Marco Gisbert; Ismael Ripoll

CVE-2013-6876 - s3dvt root shell

Hector Marco Gisbert
, Ismael Ripoll

Research output: Other contribution

Abstract

A bug in s3dvt for versions prior to 0.2.2 has been found. The bug is caused by not checking the return values of setuid() and getuid() calls. The process must not continue its normal execution when any of these calls fail (return an error) to drop privileges.

Original language	English
Type	CVE-2013-6876
Publisher	http://hmarco.org
Publication status	Published - 25 Mar 2014

Access to Document

http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html

Cite this

@misc{359920e17e354f0d8d935d1f45f60a63,

title = "CVE-2013-6876 - s3dvt root shell",

abstract = "A bug in s3dvt for versions prior to 0.2.2 has been found. The bug is caused by not checking the return values of setuid() and getuid() calls. The process must not continue its normal execution when any of these calls fail (return an error) to drop privileges. ",

author = "\{Marco Gisbert\}, Hector and Ismael Ripoll",

year = "2014",

month = mar,

day = "25",

language = "English",

publisher = "http://hmarco.org",

address = "United Kingdom",

type = "Other",

}

TY - GEN

T1 - CVE-2013-6876 - s3dvt root shell

AU - Marco Gisbert, Hector

AU - Ripoll, Ismael

PY - 2014/3/25

Y1 - 2014/3/25

N2 - A bug in s3dvt for versions prior to 0.2.2 has been found. The bug is caused by not checking the return values of setuid() and getuid() calls. The process must not continue its normal execution when any of these calls fail (return an error) to drop privileges.

AB - A bug in s3dvt for versions prior to 0.2.2 has been found. The bug is caused by not checking the return values of setuid() and getuid() calls. The process must not continue its normal execution when any of these calls fail (return an error) to drop privileges.

M3 - Other contribution

PB - http://hmarco.org

ER -

CVE-2013-6876 - s3dvt root shell

Abstract

Access to Document

Fingerprint

Cite this