CVE-2013-4559 - OpenCVE

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Lighttpd	Lighttpd
Opensuse	Opensuse

Configuration 1 [-]

cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

No data.

References

Link	Providers
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
http://jvn.jp/en/jp/JVN37417423/index.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
http://marc.info/?l=bugtraq&m=141576815022399&w=2
http://secunia.com/advisories/55682
http://www.openwall.com/lists/oss-security/2013/11/12/4
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
https://www.debian.org/security/2013/dsa-2795

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-11-19T19:00:00

Updated: 2024-08-06T16:45:14.842Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4559

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-11-20T14:12:30.727

Modified: 2021-02-26T15:14:05.913

Link: CVE-2013-4559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-19T04:06:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55682", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55682"}, {"name": "HPSBGN03191", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt"}, {"name": "openSUSE-SU-2014:0072", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html"}, {"name": "DSA-2795", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2013/dsa-2795"}, {"name": "[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/11/12/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310"}, {"name": "JVN#37417423", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN37417423/index.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.842Z"}, "title": "CVE Program Container", "references": [{"name": "55682", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55682"}, {"name": "HPSBGN03191", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt"}, {"name": "openSUSE-SU-2014:0072", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html"}, {"name": "DSA-2795", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2013/dsa-2795"}, {"name": "[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/11/12/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310"}, {"name": "JVN#37417423", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN37417423/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4559", "datePublished": "2013-11-19T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "855B05A3-31E9-4323-9BD0-CA7DF99FDD97", "versionEndExcluding": "1.4.33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached."}, {"lang": "es", "value": "lighttpd anterior a la versi\u00f3n 1.4.33 no comprueba el valor de vuelta de (1) setuid, (2) setgid, o (3) setgroups, lo que podr\u00eda causar que lighttpd se ejecute bajo administrador si es reiniciado y permitir a atacantes remotos obtener privilegios, tal y como se demostr\u00f3 con m\u00faltiples llamadas a la funci\u00f3n de clonado que provoc\u00f3 que setuid fallara cuando el l\u00edmite de proceso de usuario era alcanzado."}], "id": "CVE-2013-4559", "lastModified": "2021-02-26T15:14:05.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-20T14:12:30.727", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/en/jp/JVN37417423/index.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55682"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/11/12/4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2013/dsa-2795"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}