Lucene search

K

Ubuntu.comUB:CVE-2013-4559

HistoryNov 20, 2013 - 12:00 a.m.

CVE-2013-4559

2013-11-2000:00:00

ubuntu.com

ubuntu.com

17

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.8%

lighttpd before 1.4.33 does not check the return value of the (1) setuid,
(2) setgid, or (3) setgroups functions, which might cause lighttpd to run
as root if it is restarted and allows remote attackers to gain privileges,
as demonstrated by multiple calls to the clone function that cause setuid
to fail when the user process limit is reached.

References

download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt

lists.debian.org/debian-security-announce/2013/msg00207.html

launchpad.net/bugs/cve/CVE-2013-4559

nvd.nist.gov/vuln/detail/CVE-2013-4559

security-tracker.debian.org/tracker/CVE-2013-4559

www.cve.org/CVERecord?id=CVE-2013-4559

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.8%

Related for UB:CVE-2013-4559

cve1 prion1 debiancve1 nessus10 osv1 debian2 openvas9 amazon1 securityvulns2 freebsd1 mageia1 fedora2 gentoo1 jvn1