CVE-2013-6876
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2013-6876
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-6876.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2013-6876
- Related
- Published
- 2018-04-06T17:29:00Z
- Modified
- 2024-11-21T01:59:53Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The (1) ptyinitterminal and (2) pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.
- References
-
- http://packetstormsecurity.com/files/126887/s3dvt-Privilege-Escalation.html
- http://www.securityfocus.com/bid/67789
- http://seclists.org/fulldisclosure/2014/Jun/10
- http://www.openwall.com/lists/oss-security/2014/06/03/11
- http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
- http://www.securityfocus.com/archive/1/532258/100/0/threaded
- http://www.securityfocus.com/archive/1/532276/100/0/threaded
- https://security-tracker.debian.org/tracker/CVE-2013-6876
Affected packages
Debian:11 / s3d
Package
- Name
- s3d
- Purl
- pkg:deb/debian/s3d?arch=source
Debian:12 / s3d
Package
- Name
- s3d
- Purl
- pkg:deb/debian/s3d?arch=source
Debian:13 / s3d
Package
- Name
- s3d
- Purl
- pkg:deb/debian/s3d?arch=source