CVE-2006-1166 - Vulnerability Details - OpenCVE

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Monotone	Monotone

Configuration 1 [-]

cpe:2.3:a:monotone:monotone:0.25:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html
http://secunia.com/advisories/19260
http://www.securityfocus.com/bid/17139
http://www.vupen.com/english/advisories/2006/0990
https://exchange.xforce.ibmcloud.com/vulnerabilities/25294

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-12T21:00:00

Updated: 2024-08-07T17:03:28.540Z

Reserved: 2006-03-12T00:00:00

Link: CVE-2006-1166

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-12T21:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1166

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19260", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19260"}, {"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"name": "17139", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17139"}, {"name": "ADV-2006-0990", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"name": "monotone-mt-lua-code-execution(25294)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1166", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19260"}, {"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"name": "17139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17139"}, {"name": "ADV-2006-0990", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"name": "monotone-mt-lua-code-execution(25294)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:03:28.540Z"}, "title": "CVE Program Container", "references": [{"name": "19260", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19260"}, {"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"name": "17139", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17139"}, {"name": "ADV-2006-0990", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"name": "monotone-mt-lua-code-execution(25294)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1166", "datePublished": "2006-03-12T21:00:00", "dateReserved": "2006-03-12T00:00:00", "dateUpdated": "2024-08-07T17:03:28.540Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:monotone:monotone:0.25:*:*:*:*:*:*:*", "matchCriteriaId": "DBA0B97E-A9E6-4892-905C-96B5F48B5C1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."}], "id": "CVE-2006-1166", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-12T21:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19260"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17139"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}