CVE-2013-4559
high
CVSS v3
—
CVSS v2
7.6
VIR risk
7.6
Description
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. The trigger is the documented setuid(2) failure mode: the call returns -1 with errno EAGAIN when the target uid has already reached its RLIMIT_NPROC, so an attacker able to run processes as the unprivileged lighttpd user can fill that limit and wait for the daemon to restart, after which the unchecked drop silently leaves the server running as root.
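The following is an added example written for this page, not lighttpd's own code, showing the unchecked privilege drop beside a checked one. The three system calls are injected through a struct (a construction of this example, not a lighttpd interface) so the failure path can be driven without root and without actually exhausting a process limit: the `fake_nproc_setuid` stand-in returns -1/EAGAIN exactly as the real setuid() does when RLIMIT_NPROC for the target uid is reached. The target uid/gid 65534 and the `priv_ops` struct are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical privilege-drop code written for this page; it is not lighttpd's
 * own source. The syscalls are injected so the failure path can be exercised
 * without root: a real setuid() fails with EAGAIN when the target uid has
 * already reached its RLIMIT_NPROC, which is the condition an attacker creates
 * by cloning processes as that uid and then waiting for the server to restart. */
struct priv_ops {
    int (*setgroups_fn)(size_t ngroups, const gid_t *list);
    int (*setgid_fn)(gid_t gid);
    int (*setuid_fn)(uid_t uid);
};

/* Vulnerable pattern (pre-1.4.33 behaviour): return values are thrown away and
 * success is reported unconditionally, so the caller carries on as root
 * whenever any of the calls actually failed. */
int drop_privs_unchecked(const struct priv_ops *ops, uid_t uid, gid_t gid) {
    ops->setgroups_fn(1, &gid);
    ops->setgid_fn(gid);
    ops->setuid_fn(uid);
    return 0;
}

/* Fixed pattern: each call is checked, in the only safe order (supplementary
 * groups and gid first, since neither can be changed once the uid is
 * unprivileged). Returns 0 on success, -1 with errno set; the caller must exit. */
int drop_privs_checked(const struct priv_ops *ops, uid_t uid, gid_t gid) {
    if (ops->setgroups_fn(1, &gid) == -1) return -1;
    if (ops->setgid_fn(gid) == -1) return -1;
    if (ops->setuid_fn(uid) == -1) return -1;
    return 0;
}

/* Post-condition check on the real process: real and effective ids must be the
 * target ones, and regaining root must be impossible. Returns 1 if dropped. */
int privileges_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    if (uid != 0 && setuid(0) == 0) return 0;   /* saved uid was still 0 */
    return 1;
}

/* Real syscalls, wrapped so the struct carries one portable signature. */
static int real_setgroups(size_t n, const gid_t *l) { return setgroups(n, l); }
static int real_setgid(gid_t g) { return setgid(g); }
static int real_setuid(uid_t u) { return setuid(u); }
const struct priv_ops real_ops = { real_setgroups, real_setgid, real_setuid };

/* Constructed stand-ins: everything succeeds, or setuid() fails the way it
 * does when RLIMIT_NPROC for the target uid is exhausted. */
static int fake_ok_setgroups(size_t n, const gid_t *l) { (void)n; (void)l; return 0; }
static int fake_ok_setgid(gid_t g) { (void)g; return 0; }
static int fake_ok_setuid(uid_t u) { (void)u; return 0; }
static int fake_nproc_setuid(uid_t u) { (void)u; errno = EAGAIN; return -1; }
const struct priv_ops all_ok_ops = { fake_ok_setgroups, fake_ok_setgid, fake_ok_setuid };
const struct priv_ops nproc_hit_ops = { fake_ok_setgroups, fake_ok_setgid, fake_nproc_setuid };

int main(void) {
    uid_t target_uid = 65534;   /* assumed: nobody/nogroup on most distributions */
    gid_t target_gid = 65534;
    if (geteuid() != 0) {
        puts("not root: running the injected scenarios only");
        printf("unchecked drop under EAGAIN -> %d (caller continues as root)\n",
               drop_privs_unchecked(&nproc_hit_ops, target_uid, target_gid));
        printf("checked drop under EAGAIN   -> %d (%s)\n",
               drop_privs_checked(&nproc_hit_ops, target_uid, target_gid), strerror(errno));
        return 0;
    }
    if (drop_privs_checked(&real_ops, target_uid, target_gid) == -1) {
        fprintf(stderr, "privilege drop failed: %s; refusing to serve as root\n", strerror(errno));
        return 1;
    }
    printf("dropped: %s\n", privileges_dropped(target_uid, target_gid) ? "yes" : "no");
    return 0;
}
```

Run as an unprivileged user it only exercises the injected scenarios; run as root it performs a real drop to uid 65534 and then confirms with `privileges_dropped` that the saved uid is no longer 0. The design point is the one the advisory makes: the fix is not only checking setuid() but treating any failure of the three calls as fatal rather than continuing to serve.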
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4559
Vendor advisory: secalert@redhat.com — http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1.4.33-1+nmu1 |
| debian | bullseye | fixed | 1.4.33-1+nmu1 |
| debian | forky | fixed | 1.4.33-1+nmu1 |
| debian | sid | fixed | 1.4.33-1+nmu1 |
| debian | trixie | fixed | 1.4.33-1+nmu1 |
| debian | 6.0 | affected | |
| debian | 7.0 | affected | |
| debian | 8.0 | affected | |
| suse | 12.2 | affected | |
| suse | 12.3 | affected | |
| suse | 13.1 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| lighttpd | lighttpd | < 1.4.33 | 1.4.33 |
References
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
- http://jvn.jp/en/jp/JVN37417423/index.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://secunia.com/advisories/55682
- http://www.openwall.com/lists/oss-security/2013/11/12/4
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310
- https://www.debian.org/security/2013/dsa-2795
- https://security-tracker.debian.org/tracker/CVE-2013-4559
CWEs
CWE-264