Wind River Support Network

Fixed

LIN6-2547 : Security Advisory - lighttpd - CVE-2013-4559

Created: Nov 28, 2013    Updated: Dec 3, 2018
Resolved Date: Dec 19, 2013
Previous ID: LIN5-2626
Found In Version: 6.0
Fix Version: 6.0.0.2
Severity: Severe
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4559

Workaround

Unknown

Steps to Reproduce

Unknown
