Privilege Escalation Flaw in lighttpd by Lighty Software
CVE-2013-4559

Key Information:

  Vendor: Lighttpd
  Status: Vendor
  CVE Published: 20 November 2013

What is CVE-2013-4559?

lighttpd versions prior to 1.4.33 do not check the return values of the setuid, setgid and setgroups system calls when dropping privileges. If one of those calls fails, in particular when the target user's process limit has already been reached, lighttpd continues to run with root privileges after a restart. Remote attackers may be able to exploit this by causing the setuid call to fail, and a network-facing server that unexpectedly keeps running as root could grant unauthorized access and control. Patching to a fixed version and verifying the effective user of the running server process are the appropriate mitigations.
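The bug class described above, as an added example in C that is not lighttpd's own code: the unchecked privilege-drop pattern beside a hardened version that checks every call and verifies the result. The uid/gid 65534 in main is a placeholder for the server's unprivileged account.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pattern of the pre-1.4.33 bug (illustrative, not lighttpd's source):
 * return values are ignored, so when setuid() fails with EAGAIN because
 * the target user's process limit (RLIMIT_NPROC) is already reached,
 * the server simply carries on as root. */
void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setgroups(0, NULL);
    setgid(gid);
    setuid(uid);            /* a failure here goes unnoticed */
}

/* Hardened form: every call is checked, groups are dropped before the gid
 * and the gid before the uid, and the outcome is verified. Returns 0 only
 * when the process really runs as uid/gid and cannot regain root;
 * otherwise returns -1 with errno set, and the caller must exit. */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }      /* never "drop" to root */
    if (setgroups(1, &gid) != 0) return -1;           /* needs CAP_SETGID */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;                  /* EAGAIN when RLIMIT_NPROC is hit */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM; return -1;                     /* ids did not change */
    }
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* could still regain root */
    return 0;
}

int main(void)
{
    /* 65534 is a placeholder for the server's unprivileged uid/gid */
    if (drop_privileges_checked(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed: %s; refusing to serve as root\n",
                strerror(errno));
        return EXIT_FAILURE;
    }
    puts("running unprivileged");
    return EXIT_SUCCESS;
}
```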

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
