7.6

CVE-2013-4559

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version < 1.4.33
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.72% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://jvn.jp/en/jp/JVN37417423/index.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=141576815022399&w=2
Third Party Advisory
Issue Tracking
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2013/dsa-2795
Third Party Advisory
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
Vendor Advisory
http://secunia.com/advisories/55682
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/11/12/4
Third Party Advisory
Mailing List
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
Third Party Advisory