Description
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://subversion.apache.org/security/CVE-2013-4262-advisory.txt
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Scores
EPSS
0.0017
EPSS Percentile
38.5%
Details
CWE
CWE-59
Status
published
Products (2)
apache/subversion
1.8.0
apache/subversion
1.8.1
Published
Jul 28, 2014
Tracked Since
Feb 18, 2026