CVE-2006-1564Linux vulnerability

5 documents5 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 77.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache SubversionDebian Linux
Timeline
PublishedMar 31
Latest updateMay 1

Description

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

Debianapache/subversion< 1.3.0-5+3

Also affects: Debian Linux 3.1

Patches

Patch: bugs.debian.orgPatch: www.securityfocus.comPatch: bugs.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-3qq2-vw3q-ww4p: Untrusted search path vulnerability in libapache2-svn 12022-05-01
CVEList
CVE-2006-1564: Untrusted search path vulnerability in libapache2-svn 12006-03-31
OSV
CVE-2006-1564: Untrusted search path vulnerability in libapache2-svn 12006-03-31

📋Vendor Advisories

1
Debian
CVE-2006-1564: subversion - Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in ...2006
CVE-2006-1564 — Debian Linux vulnerability | cvebase