Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 03 Jun 2014 15:36:32 +0200
From: Hector Marco <>
Subject: CVE-2013-6825 DCMTK Root Privilege escalation

CVE-2013-6825 DCMTK Root Privilege escalation

About DCMTK:

DCMTK is a collection of libraries and applications implementing large parts
the DICOM standard. It includes software for examining, constructing and
converting DICOM image files, handling offline media, sending and receiving
images over a network connection, as well as demonstrative image storage and
worklist servers


A bug in DCMTK for versions prior to 3.6.1 allows to do a privilege 
All DCMTK versions since 1993 to the current 3.6.1 (released 
February-2014) are
affected. The vulnerable packages are:

- dcmpsrcv
- dcmprscp
- movescu
- storescp
- dcmqrscp
- wlmscpfs
- dcmrecv

Details, patches, discussion and strategy to exploit at:

Hector Marco

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.