PT-2013-4932 · Apache+2 · Apache Subversion+2

Daniel Shahaf

·

Publicado

2013-09-13

·

Atualizado

2024-06-15

·

CVE-2013-4277

CVSS v2.0

3.3

Baixa

VetorAV:L/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions Apache Subversion versions 1.4.0 through 1.7.12 Apache Subversion versions 1.8.0 through 1.8.1
Description The issue allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Recommendations For Apache Subversion versions 1.4.0 through 1.7.12, update to a version outside of this range to mitigate the risk. For Apache Subversion versions 1.8.0 through 1.8.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the --pid-file option until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2015-1708
CVE-2013-4277
MGASA-2013-0275
OPENSUSE-SU-2024:10538-1
SUSE-SU-2013_1643-1
SUSE-SU-2015:0709-1

Produtos afetados

Alt Linux
Apache Subversion
Suse