CVE-2013-7393

Name of the Vulnerable Software and Affected Versions Subversion versions 1.8.0 through 1.8.1

Description The issue allows local users to gain privileges via a symlink attack on the pid file created for certain scripts when the --pidfile option is used. This can be exploited in scripts such as svnwcsub.py or irkerbridge.py.

Recommendations For Subversion versions 1.8.0 through 1.8.1, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the --pidfile option with the daemonize.py module until a patch is available. Restrict access to the pid files created by svnwcsub.py and irkerbridge.py to minimize the risk of exploitation.