CVE-2013-4262

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file.  NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.4 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:S/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
apachesubversion
1.8.0
apachesubversion
1.8.1
apachesubversion
1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
lucid
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
subversion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-bash-completion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-devel
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-perl
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-python
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-tools
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
Common Weakness Enumeration
References
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://subversion.apache.org/security/CVE-2013-4262-advisory.txt
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://subversion.apache.org/security/CVE-2013-4262-advisory.txt