CVE-2013-6825

(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.

Affected Software

Name	Vendor	Start Version	End Version
Dcmtk	Offis	*	3.6.1 (including)
Dcmtk	Offis	3.5.1 (including)	3.5.1 (including)
Dcmtk	Offis	3.5.2 (including)	3.5.2 (including)
Dcmtk	Offis	3.5.2a (including)	3.5.2a (including)
Dcmtk	Offis	3.5.3 (including)	3.5.3 (including)
Dcmtk	Offis	3.5.4 (including)	3.5.4 (including)
Dcmtk	Offis	3.6.0 (including)	3.6.0 (including)
Dcmtk	Ubuntu	artful	*
Dcmtk	Ubuntu	cosmic	*
Dcmtk	Ubuntu	devel	*
Dcmtk	Ubuntu	disco	*
Dcmtk	Ubuntu	eoan	*
Dcmtk	Ubuntu	esm-apps/noble	*
Dcmtk	Ubuntu	groovy	*
Dcmtk	Ubuntu	hirsute	*
Dcmtk	Ubuntu	impish	*
Dcmtk	Ubuntu	lucid	*
Dcmtk	Ubuntu	lunar	*
Dcmtk	Ubuntu	mantic	*
Dcmtk	Ubuntu	noble	*
Dcmtk	Ubuntu	oracular	*
Dcmtk	Ubuntu	plucky	*
Dcmtk	Ubuntu	precise	*
Dcmtk	Ubuntu	questing	*
Dcmtk	Ubuntu	saucy	*
Dcmtk	Ubuntu	trusty	*
Dcmtk	Ubuntu	upstream	*
Dcmtk	Ubuntu	utopic	*
Dcmtk	Ubuntu	vivid	*
Dcmtk	Ubuntu	wily	*
Dcmtk	Ubuntu	xenial	*
Dcmtk	Ubuntu	yakkety	*
Dcmtk	Ubuntu	zesty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-6825
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References