Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2013-0275
HistorySep 14, 2013 - 12:14 a.m.

Updated subversion package fixes security vulnerability.

2013-09-1400:14:09
Gentoo Foundation
advisories.mageia.org
7

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

svnserve takes a --pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destination could be replaced by a symlink allowing for privilege escalation. svnserve does not create a pid file by default (CVE-2013-4277).

OSVersionArchitecturePackageVersionFilename
Mageia2noarchsubversion< 1.7.13-1subversion-1.7.13-1.mga2
Mageia3noarchsubversion< 1.7.13-1subversion-1.7.13-1.mga3

Related

fedora 1
nessus 7
openvas 5
ubuntucve 1
securityvulns 2
debiancve 1
freebsd 1
prion 1
cve 1
slackware 1
gentoo 1
fedora
fedora
[SECURITY] Fedora 19 Update: subversion-1.7.13-1.fc19
2013-09-08 00:33:23
nessus
nessus
Slackware 14.0 / current : subversion (SSA:2013-251-01)
2013-09-10 00:00:00
Mandriva Linux Security Advisory : subversion (MDVSA-2013:236)
2013-09-18 00:00:00
Fedora 19 : subversion-1.7.13-1.fc19 (2013-15717)
2013-09-08 00:00:00
openvas
openvas
Fedora Update for subversion FEDORA-2013-15717
2013-09-12 00:00:00
Slackware: Security Advisory (SSA:2013-251-01)
2022-04-21 00:00:00
Fedora Update for subversion FEDORA-2013-15717
2013-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2013-4277
2013-09-16 00:00:00
securityvulns
securityvulns
[slackware-security] subversion &#40;SSA:2013-251-01&#41;
2013-09-11 00:00:00
Subversion symbolic links vulnerabilitiy
2013-09-11 00:00:00
debiancve
debiancve
CVE-2013-4277
2013-09-16 19:14:00
freebsd
freebsd
svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.
2013-08-30 00:00:00
prion
prion
Design/Logic Flaw
2013-09-16 19:14:00
cve
cve
CVE-2013-4277
2013-09-16 19:14:00
slackware
slackware
[slackware-security] subversion
2013-09-09 07:00:05
gentoo
gentoo
Subversion: Multiple vulnerabilities
2013-09-23 00:00:00

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for MGASA-2013-0275
fedora1nessus7openvas5ubuntucve1securityvulns2debiancve1freebsd1prion1cve1slackware1gentoo1