Bug 850468 (CVE-2013-4559) - VUL-0: CVE-2013-4559: lighttpd: privilege escalation from lighttpd configured user
Summary: VUL-0: CVE-2013-4559: lighttpd: privilege escalation from lighttpd configured...
Status: RESOLVED FIXED
Alias: CVE-2013-4559
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2013-11-28
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:55104:moderate maint:re...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-14 13:55 UTC by Victor Pereira
Modified: 2014-01-15 17:04 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2013-11-14 13:55:32 UTC 
CVE-2013-4559

In certain cases setuid() and similar can fail; if an environment limits 
the number of processes a user can have, setuid() might fail if the target 
uid already is at the limit.

A user who can execute processes with the same userid (for example by 
having write access to CGI scripts) could clone() often; in this case 
a lighttpd restart would end up with lighttpd running as root, and the 
CGI scripts would run as root too.

It could be possible that remote users could trigger many processes too, and 
trigger a restart using a different bug in lighttpd.


References:
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4559
https://bugzilla.redhat.com/show_bug.cgi?id=1029663
Comment 1 Swamp Workflow Management 2013-11-14 14:03:46 UTC 
The SWAMPID for this issue is 55103.
This issue was rated as moderate.
Please submit fixed packages until 2013-11-28.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Swamp Workflow Management 2013-11-14 23:00:30 UTC 
bugbot adjusting priority
Comment 3 Marcus Meissner 2013-12-03 08:27:48 UTC 
ping????
Comment 4 Marcus Rückert 2013-12-11 11:23:04 UTC 
submitted for all distros
Comment 6 Swamp Workflow Management 2014-01-13 14:49:46 UTC 
Update released for: lighttpd, lighttpd-debuginfo, lighttpd-debugsource, lighttpd-mod_cml, lighttpd-mod_magnet, lighttpd-mod_mysql_vhost, lighttpd-mod_rrdtool, lighttpd-mod_trigger_b4_dl, lighttpd-mod_webdav
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-HAE 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
Comment 7 Swamp Workflow Management 2014-01-13 15:45:51 UTC 
Update released for: lighttpd, lighttpd-debuginfo, lighttpd-debugsource, lighttpd-mod_cml, lighttpd-mod_magnet, lighttpd-mod_mysql_vhost, lighttpd-mod_rrdtool, lighttpd-mod_trigger_b4_dl, lighttpd-mod_webdav
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-HAE 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
Comment 8 Marcus Meissner 2014-01-14 08:30:15 UTC 
opensuse fixes required?
Comment 9 Marcus Meissner 2014-01-14 08:33:22 UTC 
ah, i saw the update in the queue now. sorry
Comment 10 Sebastian Krahmer 2014-01-15 15:56:33 UTC 
released
Comment 11 Swamp Workflow Management 2014-01-15 16:05:48 UTC 
openSUSE-SU-2014:0072-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 849059,850468,850469
CVE References: CVE-2013-4508,CVE-2013-4559,CVE-2013-4560
Sources used:
openSUSE 13.1 (src):    lighttpd-1.4.32-2.5.1
openSUSE 12.3 (src):    lighttpd-1.4.31-6.5.1
openSUSE 12.2 (src):    lighttpd-1.4.31-4.13.1
Comment 12 Swamp Workflow Management 2014-01-15 17:04:41 UTC 
openSUSE-SU-2014:0074-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 790258,849059,850468,850469
CVE References: CVE-2012-5533
Sources used:
openSUSE 11.4 (src):    lighttpd-1.4.32-37.1