CVE-2006-1166 Information

Description

Monotone 0.25 and earlier when a user creates a file in a directory called \mt\ and when checking out that file on a case-insensitive file system such as Windows or Mac OS X places the file into the \MT\ bookkeeping directory which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.

Reference

http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html http://secunia.com/advisories/19260 http://www.securityfocus.com/bid/17139 http://www.vupen.com/english/advisories/2006/0990 https://exchange.xforce.ibmcloud.com/vulnerabilities/25294