4 matches found
Code injection
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for 1 svnwcsub.py or 2 irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...
CVE-2013-4262
CVE-2013-4262 concerns Subversion 1.8.0–1.8.3 where the --pidfile option, used with svnwcsub.py, permits local privilege escalation via a symlink attack on the pid file when running in foreground. The related CVE-2013-7393 covers the daemonize.py path that enables privilege gains for either svnwc...
Apache Subversion 1.4.x - 1.7.12 / 1.8.x < 1.8.3 Multiple Symlink File Overwrite Vulnerabilities
The version of Subversion Server installed on the remote host is prior to version 1.8.3. It is, therefore, affected by multiple symlink file overwrite vulnerabilities : - An error exists in the function 'handleoptions' in the file 'svnwcsub.py' that could allow a local attacker to use a symlink...
CVE-2013-4262
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions ADT3. The irkerbridge.py issue is covered by...