Oval Definition:oval:com.ubuntu.precise:def:20134559000
Revision Date:2013-11-20Version:1
Title:CVE-2013-4559 on Ubuntu 12.04 LTS (precise) - medium.
Description:lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2013-4559
Platform(s):Ubuntu 12.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 12.04 LTS (precise) is installed.
  • AND The 'lighttpd' package in precise is affected and needs fixing.
  • BACK