CVE-2013-6876 - OpenCVE

The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
S3dvt Project	S3dvt

Configuration 1 [-]

cpe:2.3:a:s3dvt_project:s3dvt:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Jun/10
http://www.openwall.com/lists/oss-security/2014/06/03/11
http://www.securityfocus.com/archive/1/532258/100/0/threaded
http://www.securityfocus.com/archive/1/532276/100/0/threaded
http://www.securityfocus.com/bid/67789

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-06T17:00:00

Updated: 2024-08-06T17:53:44.745Z

Reserved: 2013-11-26T00:00:00

Link: CVE-2013-6876

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-06T17:29:00.190

Modified: 2018-10-09T19:35:00.767

Link: CVE-2013-6876

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "67789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67789"}, {"name": "[oss-security] 20140603 CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/11"}, {"name": "20140602 [FD] CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/532258/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html"}, {"name": "20140603 CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/532276/100/0/threaded"}, {"name": "20140604 CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Jun/10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6876", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67789"}, {"name": "[oss-security] 20140603 CVE-2013-6876 s3dvt Root shell", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/03/11"}, {"name": "20140602 [FD] CVE-2013-6876 s3dvt Root shell", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532258/100/0/threaded"}, {"name": "http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html", "refsource": "MISC", "url": "http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html"}, {"name": "http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html"}, {"name": "20140603 CVE-2013-6876 s3dvt Root shell", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532276/100/0/threaded"}, {"name": "20140604 CVE-2013-6876 s3dvt Root shell", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jun/10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:53:44.745Z"}, "title": "CVE Program Container", "references": [{"name": "67789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67789"}, {"name": "[oss-security] 20140603 CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/11"}, {"name": "20140602 [FD] CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/532258/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html"}, {"name": "20140603 CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/532276/100/0/threaded"}, {"name": "20140604 CVE-2013-6876 s3dvt Root shell", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Jun/10"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6876", "datePublished": "2018-04-06T17:00:00", "dateReserved": "2013-11-26T00:00:00", "dateUpdated": "2024-08-06T17:53:44.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:s3dvt_project:s3dvt:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2476A16-FD06-44DE-AB58-7E54A06CD971", "versionEndIncluding": "0.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed."}, {"lang": "es", "value": "Las funciones (1) pty_init_terminal y (2) pipe_init_terminal en main.c en s3dvt, en versiones 0.2.2 y anteriores, permiten que usuarios locales obtengan privilegios aprovechando los permisos setuid y el uso de bash en versiones 4.3 y anteriores. NOTA: la vulnerabilidad se solucion\u00f3 con el commit con ID ad732f00b411b092c66a04c359da0f16ec3b387, pero el n\u00famero de versi\u00f3n no cambi\u00f3."}], "id": "CVE-2013-6876", "lastModified": "2018-10-09T19:35:00.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-06T17:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2014/Jun/10"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/11"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532258/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532276/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/67789"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}