VDB
CVE-2013-6825
CVE-2013-6825
PUBLISHED
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
EPSS 0.11% · 29.4th percentile
Risk Scores
EPSS Score
0.11%
29.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:24.04:LTS | dcmtk | 3.6.7-9, 3.6.7-9.1build2, 3.6.7-9.1build3 |
| Ubuntu:25.10 | dcmtk | 3.6.9-5, 3.6.9-5build1, 0 |
Exploit Intelligence
- 20140602 CVE-2013-6825 DCMTK Root Privilege escalation (circl)
- 58916 (circl)
- http://git.dcmtk.org/web?p=dcmtk.git%3Ba=blob%3Bf=CHANGES.361 (circl)
- 67784 (circl)
- 20140604 CVE-2013-6825 DCMTK Root Privilege escalation (circl)
- http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html (vulncheck-nvd)
Timeline
- Jun 10, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-6825 third-party-advisory
- http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html third-party-advisory
- http://secunia.com/advisories/58916 third-party-advisory
- http://seclists.org/fulldisclosure/2014/Jun/11 third-party-advisory
- http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html third-party-advisory
- http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-6825 third-party-advisory