CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the –pid-file option.

Affected Software

Name	Vendor	Start Version	End Version
Subversion	Apache	1.4.0 (including)	1.4.0 (including)
Subversion	Apache	1.4.1 (including)	1.4.1 (including)
Subversion	Apache	1.4.2 (including)	1.4.2 (including)
Subversion	Apache	1.4.3 (including)	1.4.3 (including)
Subversion	Apache	1.4.4 (including)	1.4.4 (including)
Subversion	Apache	1.4.5 (including)	1.4.5 (including)
Subversion	Apache	1.4.6 (including)	1.4.6 (including)
Subversion	Apache	1.5.0 (including)	1.5.0 (including)
Subversion	Apache	1.5.1 (including)	1.5.1 (including)
Subversion	Apache	1.5.2 (including)	1.5.2 (including)
Subversion	Apache	1.5.3 (including)	1.5.3 (including)
Subversion	Apache	1.5.4 (including)	1.5.4 (including)
Subversion	Apache	1.5.5 (including)	1.5.5 (including)
Subversion	Apache	1.5.6 (including)	1.5.6 (including)
Subversion	Apache	1.5.7 (including)	1.5.7 (including)
Subversion	Apache	1.5.8 (including)	1.5.8 (including)
Subversion	Apache	1.6.0 (including)	1.6.0 (including)
Subversion	Apache	1.6.1 (including)	1.6.1 (including)
Subversion	Apache	1.6.2 (including)	1.6.2 (including)
Subversion	Apache	1.6.3 (including)	1.6.3 (including)
Subversion	Apache	1.6.4 (including)	1.6.4 (including)
Subversion	Apache	1.6.5 (including)	1.6.5 (including)
Subversion	Apache	1.6.6 (including)	1.6.6 (including)
Subversion	Apache	1.6.7 (including)	1.6.7 (including)
Subversion	Apache	1.6.8 (including)	1.6.8 (including)
Subversion	Apache	1.6.9 (including)	1.6.9 (including)
Subversion	Apache	1.6.10 (including)	1.6.10 (including)
Subversion	Apache	1.6.11 (including)	1.6.11 (including)
Subversion	Apache	1.6.12 (including)	1.6.12 (including)
Subversion	Apache	1.6.13 (including)	1.6.13 (including)
Subversion	Apache	1.6.14 (including)	1.6.14 (including)
Subversion	Apache	1.6.15 (including)	1.6.15 (including)
Subversion	Apache	1.6.16 (including)	1.6.16 (including)
Subversion	Apache	1.6.17 (including)	1.6.17 (including)
Subversion	Apache	1.6.18 (including)	1.6.18 (including)
Subversion	Apache	1.6.19 (including)	1.6.19 (including)
Subversion	Apache	1.6.20 (including)	1.6.20 (including)
Subversion	Apache	1.6.21 (including)	1.6.21 (including)
Subversion	Apache	1.6.23 (including)	1.6.23 (including)
Subversion	Apache	1.7.0 (including)	1.7.0 (including)
Subversion	Apache	1.7.1 (including)	1.7.1 (including)
Subversion	Apache	1.7.2 (including)	1.7.2 (including)
Subversion	Apache	1.7.3 (including)	1.7.3 (including)
Subversion	Apache	1.7.4 (including)	1.7.4 (including)
Subversion	Apache	1.7.5 (including)	1.7.5 (including)
Subversion	Apache	1.7.6 (including)	1.7.6 (including)
Subversion	Apache	1.7.7 (including)	1.7.7 (including)
Subversion	Apache	1.7.8 (including)	1.7.8 (including)
Subversion	Apache	1.7.9 (including)	1.7.9 (including)
Subversion	Apache	1.7.10 (including)	1.7.10 (including)
Subversion	Apache	1.7.11 (including)	1.7.11 (including)
Subversion	Apache	1.7.12 (including)	1.7.12 (including)
Subversion	Apache	1.8.0 (including)	1.8.0 (including)
Subversion	Apache	1.8.1 (including)	1.8.1 (including)
Subversion	Ubuntu	lucid	*
Subversion	Ubuntu	precise	*
Subversion	Ubuntu	quantal	*
Subversion	Ubuntu	raring	*
Subversion	Ubuntu	saucy	*
Subversion	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4277
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References