Podatność CVE-2010-3199


Publikacja: 2010-09-10   Modyfikacja: 2012-02-13

Opis:
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
Tortoise SVN 1.6.10 build 19898 the Windows DLL hijacking vulnerability.
Nikhil Mittal
01.09.2010

Typ:

CWE-264

(Permissions, Privileges, and Access Controls)

Producent: Tigris
Produkt: Tortoisesvn 
Wersje:
1.6.6
1.6.5
1.6.4
1.6.3
1.6.10
1.6.0
1.5.9
1.5.8
1.5.7
1.5.6
1.5.5
1.5.4
1.5.3
1.5.2
1.5.10
1.5.1
1.5.0
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0
0.9.2
0.9.1
0.8.1
0.8
0.7
0.6.1
0.6
0.5.1
0.5
0.4
0.3
0.26
0.25
0.24
0.23
0.22
0.21
0.20.2
0.20.1
0.20
0.19
0.18
0.17
0.16
0.15.2
0.15.1
0.15
0.14
0.12.1
0.12
0.11.2
0.11.0
0.10.0
0.1

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9.3/10
10/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny

 Referencje:
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc
http://www.securityfocus.com/archive/1/513442/100/0/threaded
http://www.securityfocus.com/archive/1/513463/100/0/threaded

Podobne CVE
CVE-2009-0240
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2008-5919
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
CVE-2008-5920
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

Copyright 2019, cxsecurity.com

 

Back to Top