Date: Tue, 03 Jun 2014 15:36:32 +0200
From: Hector Marco <hecmargi@....es>
To: oss-security@...ts.openwall.com
Subject: CVE-2013-6825 DCMTK Root Privilege escalation

CVE-2013-6825 DCMTK Root Privilege escalation

About DCMTK:

DCMTK is a collection of libraries and applications implementing large parts of the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over a network connection, as well as demonstrative image storage and worklist servers.

Vulnerability:

A bug in DCMTK for versions prior to 3.6.1 allows privilege escalation. All DCMTK versions from 1993 to the current 3.6.1 (released February 2014) are affected.

The vulnerable packages are:

- dcmpsrcv
- dcmprscp
- movescu
- storescp
- dcmqrscp
- wlmscpfs
- dcmrecv

Details, patches, discussion and strategy to exploit at:
http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html

Hector Marco
http://hmarco.org