Vulnerabilities > CVE-2004-0749 - Information Disclosure vulnerability in Subversion Mod_Authz_Svn Metadata
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200409-35.NASL description The remote host is affected by the vulnerability described in GLSA-200409-35 (Subversion: Metadata information leak) There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas. Impact : Protected files themselves will not be revealed, but an attacker could use the metadata to reveal the existence of protected areas, such as paths, file versions, and the commit logs from those areas. Workaround : Rather than using mod_authz_svn, move protected areas into separate repositories and use native Apache authentication to make these repositories unreadable. last seen 2020-06-01 modified 2020-06-02 plugin id 15406 published 2004-10-01 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15406 title GLSA-200409-35 : Subversion: Metadata information leak code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200409-35. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(15406); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0749"); script_xref(name:"GLSA", value:"200409-35"); script_name(english:"GLSA-200409-35 : Subversion: Metadata information leak"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200409-35 (Subversion: Metadata information leak) There is a bug in mod_authz_svn that causes it to reveal logged metadata regarding commits to protected areas. Impact : Protected files themselves will not be revealed, but an attacker could use the metadata to reveal the existence of protected areas, such as paths, file versions, and the commit logs from those areas. Workaround : Rather than using mod_authz_svn, move protected areas into separate repositories and use native Apache authentication to make these repositories unreadable." ); script_set_attribute( attribute:"see_also", value:"http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200409-35" ); script_set_attribute( attribute:"solution", value: "All Subversion users should upgrade to the latest version: # emerge sync # emerge -pv '>=dev-util/subversion-1.0.8' # emerge '>=dev-util/subversion-1.0.8'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:subversion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/01"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-util/subversion", unaffected:make_list("ge 1.0.8"), vulnerable:make_list("lt 1.0.8"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Subversion"); }NASL family Misc. NASL id SUBVERSION_1_0_8.NASL description You are running a version of Subversion which is older than 1.0.8 or 1.1.0-rc4. A flaw exists in older version, in the apache module mod_authz_svn, which fails to properly restrict access to metadata within unreadable paths. An attacker can read metadata in unreadable paths, which can contain sensitive information such as logs and paths. last seen 2020-06-01 modified 2020-06-02 plugin id 14800 published 2004-09-23 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14800 title Subversion < 1.0.8 / 1.1.0-rc4 mod_authz_svn Unreadable Path Metadata Information Disclosure NASL family FreeBSD Local Security Checks NASL id FREEBSD_SUBVERSION_108.NASL description The following package needs to be updated: subversion-perl last seen 2016-09-26 modified 2004-09-28 plugin id 14844 published 2004-09-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14844 title FreeBSD : subversion -- WebDAV fails to protect metadata (188) NASL family Fedora Local Security Checks NASL id FEDORA_2004-318.NASL description This update includes the latest stable release of Subversion, including a security fix for information disclosure bugs in handling of metadata (such as log messages) in repositories using mod_authz_svn for path-based access-control (CVE-2004-0749). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14808 published 2004-09-24 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14808 title Fedora Core 2 : subversion-1.0.8-1 (2004-318) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_184F5D0B0FE811D98A8A000C41E2CDAD.NASL description In some situations, subversion metadata may be unexpectedly disclosed via WebDAV. A subversion advisory states : mod_authz_svn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths. This security issue is not about revealing the contents of protected files: it only reveals metadata about protected areas such as paths and log messages. This may or may not be important to your organization, depending on how you last seen 2020-06-01 modified 2020-06-02 plugin id 37142 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37142 title FreeBSD : subversion -- WebDAV fails to protect metadata (184f5d0b-0fe8-11d9-8a8a-000c41e2cdad)