CVE-2006-1166

Name of the Vulnerable Software and Affected Versions Monotone versions 0.25 and earlier

Description The issue allows context-dependent attackers to execute arbitrary Lua programs as the user running the software. This occurs when a user creates a file in a directory called "mt" and checks it out on a case-insensitive file system, such as Windows or Mac OS X, causing the file to be placed into the "MT" bookkeeping directory.

Recommendations For Monotone versions 0.25 and earlier, consider avoiding the creation of files in directories named "mt" on case-insensitive file systems until a fix is available. As a temporary workaround, restrict access to the "MT" bookkeeping directory to minimize the risk of exploitation.