CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
apachesubversion
1.4.0
apachesubversion
1.4.1
apachesubversion
1.4.2
apachesubversion
1.4.3
apachesubversion
1.4.4
apachesubversion
1.4.5
apachesubversion
1.4.6
apachesubversion
1.5.0
apachesubversion
1.5.1
apachesubversion
1.5.2
apachesubversion
1.5.3
apachesubversion
1.5.4
apachesubversion
1.5.5
apachesubversion
1.5.6
apachesubversion
1.5.7
apachesubversion
1.5.8
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
apachesubversion
1.6.15
apachesubversion
1.6.16
apachesubversion
1.6.17
apachesubversion
1.6.18
apachesubversion
1.6.19
apachesubversion
1.6.20
apachesubversion
1.6.21
apachesubversion
1.6.23
apachesubversion
1.7.0
apachesubversion
1.7.1
apachesubversion
1.7.2
apachesubversion
1.7.3
apachesubversion
1.7.4
apachesubversion
1.7.5
apachesubversion
1.7.6
apachesubversion
1.7.7
apachesubversion
1.7.8
apachesubversion
1.7.9
apachesubversion
1.7.10
apachesubversion
1.7.11
apachesubversion
1.7.12
apachesubversion
1.8.0
apachesubversion
1.8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
squeeze
no-dsa
trixie
1.14.4-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
subversion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-bash-completion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-devel
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-perl
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-python
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-tools
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://www.securityfocus.com/bid/62266
https://exchange.xforce.ibmcloud.com/vulnerabilities/86972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554
http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
http://www.securityfocus.com/bid/62266
https://exchange.xforce.ibmcloud.com/vulnerabilities/86972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554