CVE-2006-1166

Sažetak

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.

Reference

http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html
http://secunia.com/advisories/19260
http://www.securityfocus.com/bid/17139
http://www.vupen.com/english/advisories/2006/0990
https://exchange.xforce.ibmcloud.com/vulnerabilities/25294

CVSS

Base:	3.7
Impact:	6.4
Exploitability:	1.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:30

Objavljeno

12-03-2006 - 21:02