Vulnerability Details : CVE-2006-1564
Potential exploit
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
Products affected by CVE-2006-1564
- cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1564
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1564
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2006-1564
-
http://www.securityfocus.com/bid/17288
Patch
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234
#359234 - libapache2-svn: modules have trapdoor rpath /tmp/svn - Debian Bug report logsExploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/25680
libapache2 /tmp/svn file upload CVE-2006-1564 Vulnerability Report
Jump to