Wind River Support Network

Fixed

LIN5-2610 : Security Advisory - lighttpd - CVE-2013-4559

Created: Nov 28, 2013    Updated: Dec 19, 2017
Resolved Date: Dec 19, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.11
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4559
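
The unchecked privilege drop described above, next to a checked version, as an added example that is not lighttpd's or Wind River's code. The `priv_ops` indirection, the stub functions, `sim_euid` and uid/gid 33 are constructed for illustration so the setuid failure can be simulated without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical indirection: production code would call libc's
 * setgroups/setgid/setuid directly; here constructed stubs stand in. */
struct priv_ops {
    int (*setgroups)(size_t, const gid_t *);
    int (*setgid)(gid_t);
    int (*setuid)(uid_t);
};

static uid_t sim_euid = 0;   /* constructed process state: starts as root */

static int ok_groups(size_t n, const gid_t *g) { (void)n; (void)g; return 0; }
static int ok_gid(gid_t g) { (void)g; return 0; }
static int ok_uid(uid_t u) { sim_euid = u; return 0; }
/* Simulates setuid() failing with EAGAIN at the user process limit. */
static int fail_uid(uid_t u) { (void)u; errno = EAGAIN; return -1; }

static const struct priv_ops sim_ok   = { ok_groups, ok_gid, ok_uid };
static const struct priv_ops sim_fail = { ok_groups, ok_gid, fail_uid };

/* Flawed pattern: results ignored, so a failed setuid() goes unnoticed
 * and the caller carries on with its original (root) identity. */
static int drop_unchecked(const struct priv_ops *o, uid_t uid, gid_t gid) {
    (void)o->setgroups(0, NULL);
    (void)o->setgid(gid);
    (void)o->setuid(uid);
    return 0;
}

/* Checked pattern: groups, then gid, then uid; the first failure returns
 * -1 so the caller can refuse to start instead of serving as root. */
static int drop_checked(const struct priv_ops *o, uid_t uid, gid_t gid) {
    if (o->setgroups(0, NULL) != 0) { perror("setgroups"); return -1; }
    if (o->setgid(gid) != 0)        { perror("setgid");    return -1; }
    if (o->setuid(uid) != 0)        { perror("setuid");    return -1; }
    return 0;
}

int main(void) {
    int rc = drop_unchecked(&sim_fail, 33, 33);
    printf("unchecked, setuid fails: rc=%d euid=%d\n", rc, (int)sim_euid);
    rc = drop_checked(&sim_fail, 33, 33);
    printf("checked, setuid fails:   rc=%d euid=%d\n", rc, (int)sim_euid);
    rc = drop_checked(&sim_ok, 33, 33);
    printf("checked, all succeed:    rc=%d euid=%d\n", rc, (int)sim_euid);
    return 0;
}
```
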

Workaround

Unknown

Steps to Reproduce

Unknown
