CVE-2006-1166

NameCVE-2006-1166
DescriptionMonotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
monotonesource(unstable)0.26pre1-0.1low

Notes

[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
and massive social engineering

Search for package or bug name: Reporting problems