CVE-2006-1166 - Vulnerability Details - OpenCVE

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00086.

Key SSVC decision points have not yet been added.

Vendors	Products
Monotone	Monotone

Configuration 1 [-]

cpe:2.3:a:monotone:monotone:0.25:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html
http://secunia.com/advisories/19260
http://www.securityfocus.com/bid/17139
http://www.vupen.com/english/advisories/2006/0990
https://exchange.xforce.ibmcloud.com/vulnerabilities/25294

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-12T21:00:00

Updated: 2024-08-07T17:03:28.540Z

Reserved: 2006-03-12T00:00:00

Link: CVE-2006-1166

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-12T21:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1166

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19260", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19260"}, {"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"name": "17139", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17139"}, {"name": "ADV-2006-0990", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"name": "monotone-mt-lua-code-execution(25294)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1166", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19260"}, {"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"name": "17139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17139"}, {"name": "ADV-2006-0990", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"name": "monotone-mt-lua-code-execution(25294)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:03:28.540Z"}, "title": "CVE Program Container", "references": [{"name": "19260", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19260"}, {"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"name": "17139", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17139"}, {"name": "ADV-2006-0990", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"name": "monotone-mt-lua-code-execution(25294)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1166", "datePublished": "2006-03-12T21:00:00", "dateReserved": "2006-03-12T00:00:00", "dateUpdated": "2024-08-07T17:03:28.540Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:monotone:monotone:0.25:*:*:*:*:*:*:*", "matchCriteriaId": "DBA0B97E-A9E6-4892-905C-96B5F48B5C1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."}], "id": "CVE-2006-1166", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-12T21:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19260"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17139"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}