Privilege Escalation Vulnerability in DCMTK by Offis
CVE-2013-6825

Currently unrated

Key Information:

Vendor: Offis
Status: Dcmtk
Vendor: CVE Published:; 10 June 2014

What is CVE-2013-6825?

The privilege escalation vulnerability in DCMTK versions up to 3.6.1 arises from the failure to check the return value of the setuid system call in various components, including movescu.cc and storescp.cc. This oversight allows local users to create an excessive number of processes, ultimately leading to unauthorized privilege elevation and potential system compromises.

References

http://www.securityfocus.com/archive/1/532261/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/126883/DCMTK-Privile...

x_refsource_MISC

http://secunia.com/advisories/58916

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2014
Vulnerability Reserved
Nov 19, 2013