RSS   Vulnerabilities for 'S3dvt'   RSS

2018-04-06
 
CVE-2014-1226

CWE-264
 

 
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.

 
 
CVE-2013-6876

CWE-264
 

 
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.

 


Copyright 2024, cxsecurity.com

 

Back to Top