Candidate: CVE-2013-6876
PublicDate: 2018-04-06 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6876
 http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
 http://www.openwall.com/lists/oss-security/2014/06/03
Description:
 The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in
 s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging
 setuid permissions and usage of bash 4.3 and earlier.  NOTE: this
 vulnerability was fixed with commit
 ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not
 changed.
Ubuntu-Description:
Notes:
 jdstrand> negligible per Debian
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_s3d:
upstream_s3d: released (0.2.2-9)
lucid_s3d: ignored (reached end-of-life)
precise_s3d: ignored (reached end-of-life)
precise/esm_s3d: DNE (precise was needs-triage)
saucy_s3d: ignored (reached end-of-life)
trusty_s3d: not-affected (0.2.2-9)
trusty/esm_s3d: DNE (trusty was not-affected [0.2.2-9])
utopic_s3d: not-affected
vivid_s3d: not-affected
vivid/stable-phone-overlay_s3d: DNE
vivid/ubuntu-core_s3d: DNE
wily_s3d: not-affected
xenial_s3d: not-affected
yakkety_s3d: not-affected
zesty_s3d: not-affected
devel_s3d: not-affected