Vulnerability Description
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Subversion | 1.8.0 |
Related Weaknesses (CWE)
References
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://subversion.apache.org/security/CVE-2013-4262-advisory.txtVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- https://subversion.apache.org/security/CVE-2013-4262-advisory.txtVendor Advisory
FAQ
What is CVE-2013-7393?
CVE-2013-7393 is a vulnerability with a CVSS score of 2.4 (LOW). The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile...
How severe is CVE-2013-7393?
CVE-2013-7393 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7393?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Subversion.