Lucene search

[email protected]CVE-2013-7393

HistoryJul 28, 2014 - 7:55 p.m.

CVE-2013-7393

2014-07-2819:55:00

CWE-59

[email protected]

web.nvd.nist.gov

subversion

daemonize.py

cve-2013-7393

symlink attack

local privilege escalation

nvd

6.4 Medium

AI Score

Confidence

Low

2.4 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).

CPENameOperatorVersion
apache:subversionapache subversioneq1.8.0
apache:subversionapache subversioneq1.8.1

CPE	Name	Operator	Version
apache:subversion	apache subversion	eq	1.8.0
apache:subversion	apache subversion	eq	1.8.1

References

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

subversion.apache.org/security/CVE-2013-4262-advisory.txt

6.4 Medium

AI Score

Confidence

Low

2.4 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-7393

debiancve2 cvelist2 cve1 ubuntucve2 prion2 nessus2