Vulnerability Name:

CVE-2013-4559 (CCN-88878)

Assigned:2013-11-12
Published:2013-11-12
Updated:2021-02-26
Summary:lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
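The summary above describes a privilege drop whose system calls are never checked. The block below is an added example, not lighttpd's own code and not the fix from the vendor advisory: it shows a drop routine in the vulnerable shape the CVE describes next to a hardened one that checks every return value, then re-reads the process identity and refuses to continue if the drop did not take. The function names (`drop_privileges_unchecked`, `drop_privileges`, `privileges_match`) and the command-line handling are illustrative.

```c
/* Added example for CVE-2013-4559 (not lighttpd's code): an unchecked
 * privilege drop beside a hardened one. Names are illustrative. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when real and effective uid/gid all equal the requested ones. */
int privileges_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Vulnerable shape: every return value is discarded. If setuid() fails,
 * for example with EAGAIN because the target user has already exhausted
 * its process limit (the clone()-based condition in the CVE summary),
 * the daemon silently carries on as root. */
void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setgroups(0, NULL);
    setgid(gid);
    setuid(uid);
}

/* Hardened shape: check each call and then verify the resulting identity.
 * Order matters: supplementary groups and gid first, because setgroups()
 * and setgid() need the privilege that setuid() gives away.
 * Returns 0 on success, -1 on failure with errno set (from the failing
 * call, or EPERM if the identity check fails). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (!privileges_match(uid, gid)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Usage: ./drop [uid gid]. Only a root-started daemon has anything to
 * drop; an unprivileged start just reports its identity. */
int main(int argc, char **argv)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (argc == 3) {
        uid = (uid_t)strtoul(argv[1], NULL, 10);
        gid = (gid_t)strtoul(argv[2], NULL, 10);
    }

    if (geteuid() != 0) {
        printf("not root (uid=%u gid=%u); nothing to drop\n",
               (unsigned)getuid(), (unsigned)getgid());
        return 0;
    }

    if (drop_privileges(uid, gid) != 0) {
        /* This is the branch lighttpd < 1.4.33 lacked: fail closed. */
        fprintf(stderr, "privilege drop to %u:%u failed: %s; refusing to serve as root\n",
                (unsigned)uid, (unsigned)gid, strerror(errno));
        return 1;
    }

    printf("dropped to uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run it as root with a target uid and gid to see the drop succeed; started unprivileged it only reports its identity, because setgroups() and setgid() already fail with EPERM for a non-root caller. The identity re-check after the three calls is the cheap safety net: even if a later refactor loses one of the return-value checks, the daemon still aborts instead of serving as root.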
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-264 (Permissions, Privileges, and Access Controls)
Vulnerability Consequences:Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2013-4559

Source: CCN
Type: lighttpd SVN Repository Web Site
lighttpd SVN Repository

Source: CCN
Type: lighttpd Web site
setuid/setgid/setgroups return values not checked

Source: CONFIRM
Type: Vendor Advisory
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt

Source: JVN
Type: Third Party Advisory
JVN#37417423

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:0072

Source: HP
Type: Issue Tracking, Third Party Advisory
HPSBGN03191

Source: CCN
Type: oss-sec Mailing List, Tue, 12 Nov 2013 11:13:14 -0700
Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)

Source: CCN
Type: SA55634
lighttpd Improper Privileges Weakness

Source: SECUNIA
Type: Third Party Advisory
55682

Source: DEBIAN
Type: DSA-2795
lighttpd -- several vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)

Source: CCN
Type: BID-63688
lighttpd CVE-2013-4559 Local Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
lighttpd-cve20134559-privilege-escalation(88878)

Source: CONFIRM
Type: Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10310

Source: DEBIAN
Type: Third Party Advisory
DSA-2795

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4559

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:lighttpd:lighttpd:*:*:*:*:*:*:*:* (Version < 1.4.33)

Configuration 2:
  • cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:lighttpd:lighttpd:1.4.31:*:*:*:*:*:*:*
  • OR cpe:/a:lighttpd:lighttpd:1.4.32:*:*:*:*:*:*:*
  • OR cpe:/a:lighttpd:lighttpd:1.4.33:*:*:*:*:*:*:*

  * Denotes that component is vulnerable
Oval Definitions
(Class: V = vulnerability definition, P = patch definition)

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20134559 | V | CVE-2013-4559 | 2022-09-02
oval:org.opensuse.security:def:6349 | P | Security update for libgda (Important) (in QA) | 2022-08-31
oval:org.opensuse.security:def:6327 | P | Security update for the Linux Kernel (Important) | 2022-04-14
oval:org.opensuse.security:def:6326 | P | Security update for netatalk (Important) | 2022-04-13
oval:org.opensuse.security:def:6361 | P | Security update for the Linux Kernel (Important) | 2022-03-09
oval:org.opensuse.security:def:6337 | P | Security update for polkit (Important) | 2022-01-25
oval:org.opensuse.security:def:112948 | P | lighttpd-1.4.37-1.6 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:6293 | P | Security update for virglrenderer (Important) (in QA) | 2022-01-17
oval:org.opensuse.security:def:6304 | P | Security update for clamav-database (Important) | 2022-01-17
oval:org.opensuse.security:def:6296 | P | Security update for net-snmp (Important) | 2022-01-11
oval:org.opensuse.security:def:6285 | P | Security update for clamav-database (Important) | 2022-01-03
oval:org.opensuse.security:def:7288 | P | Security update for the Linux Kernel (Important) | 2021-12-06
oval:org.opensuse.security:def:6307 | P | Security update for the Linux Kernel (Important) | 2021-11-19
oval:org.opensuse.security:def:7278 | P | Security update for the Linux Kernel (Important) | 2021-11-11
oval:org.opensuse.security:def:6457 | P | Security update for the Linux Kernel (Important) | 2021-10-15
oval:org.opensuse.security:def:7277 | P | Security update for the Linux Kernel (Important) | 2021-10-12
oval:org.opensuse.security:def:106402 | P | lighttpd-1.4.37-1.6 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:7266 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important) | 2021-09-16
oval:org.opensuse.security:def:6453 | P | Security update for java-1_8_0-openjdk (Important) | 2021-08-20
oval:org.opensuse.security:def:6476 | P | Security update for the Linux Kernel (Important) | 2021-08-14
oval:org.opensuse.security:def:7255 | P | Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important) | 2021-07-27
oval:org.opensuse.security:def:12774 | P | lighttpd-1.4.35-1.34 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:123991 | P | lighttpd-1.4.35-3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12785 | P | lighttpd-1.4.35-3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12796 | P | lighttpd-1.4.35-3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:6445 | P | Security update for the Linux Kernel (Important) | 2021-04-16
oval:org.opensuse.security:def:7244 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP2) (Important) | 2021-03-17
oval:org.opensuse.security:def:6319 | P | Security update for python (Moderate) | 2021-03-16
oval:org.opensuse.security:def:6464 | P | Security update for java-1_8_0-ibm (Important) | 2021-03-01
oval:org.opensuse.security:def:6315 | P | Security update for avahi (Moderate) | 2021-02-23
oval:org.opensuse.security:def:6442 | P | Security update for java-1_8_0-ibm (Moderate) | 2020-12-23
oval:org.opensuse.security:def:12808 | P | lighttpd-1.4.35-3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:6395 | P | libldap-2_4-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6617 | P | gnome-settings-daemon on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6595 | P | eog on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6564 | P | busybox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6604 | P | ft2demos on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6597 | P | expat on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6551 | P | accountsservice on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6408 | P | libneon27 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6628 | P | gstreamer-plugins-bad on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6606 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6576 | P | cups on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6517 | P | tcpdump on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6423 | P | libpython2_7-1_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6372 | P | libexif12 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6615 | P | gnome-keyring on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6609 | P | gdm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6542 | P | yast2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:7300 | P | lighttpd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6419 | P | libpoppler-glib8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6640 | P | imobiledevice-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6618 | P | gnome-shell on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6575 | P | ctags on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6528 | P | wget on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6434 | P | libsoup-2_4-1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6383 | P | libgypsy0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6627 | P | gstreamer-0_10-plugins-good on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6584 | P | dhcp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6553 | P | apparmor-docs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6430 | P | libsilc-1_1-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6593 | P | emacs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6586 | P | dnsmasq on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6539 | P | xorg-x11-libs on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:28476 | P | DSA-2795-2 -- lighttpd -- several vulnerabilities | 2015-08-17
oval:org.mitre.oval:def:20141 | P | DSA-2795-1 lighttpd - several | 2014-06-23
oval:com.ubuntu.precise:def:20134559000 | V | CVE-2013-4559 on Ubuntu 12.04 LTS (precise) - medium. | 2013-11-20
oval:com.ubuntu.trusty:def:20134559000 | V | CVE-2013-4559 on Ubuntu 14.04 LTS (trusty) - medium. | 2013-11-20
oval:com.ubuntu.xenial:def:20134559000 | V | CVE-2013-4559 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-11-20
oval:com.ubuntu.xenial:def:201345590000000 | V | CVE-2013-4559 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-11-20