Mandriva Linux Security Advisory 2013-236 September 17, 2013
News

Mandriva Linux Security Advisory 2013-236 – svnserve takes a –pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destination could be replaced by a symlink allowing for privilege escalation. svnserve does not create a pid file by default…. Mandriva Linux Security Advisory 2013-236 – svnserve takes a –pid-file option which creates a file containing the process id it is running as. It does not take steps to ensure that the file it has been directed at is not a symlink. If the pid file is in a directory writeable by unprivileged users, the destination could be replaced by a symlink allowing for privilege escalation. svnserve does not create a pid file by default.

Read more http://packetstormsecurity.com/files/123265/MDVSA-2013-236.txt