Total vulnerabilities in the database
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
| Software | From | Fixed in |
|---|---|---|
| offis / dcmtk | 3.5.4 | 3.5.4.x |
| offis / dcmtk | 3.5.3 | 3.5.3.x |
| offis / dcmtk | 3.6.0 | 3.6.0.x |
| offis / dcmtk | - | 3.6.1.x |
| offis / dcmtk | 3.5.2a | 3.5.2a.x |
| offis / dcmtk | 3.5.1 | 3.5.1.x |
| offis / dcmtk | 3.5.2 | 3.5.2.x |