ID CVE-2006-1564
Summary Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
CVSS
Base: 4.6 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17288
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234
xf libapache2-svn-file-upload(25680)
Last major update 20-07-2017 - 01:30
Published 31-03-2006 - 11:06
Last modified 20-07-2017 - 01:30
Back to Top