CVE-2007-2448 - Remote Revision Property Information Disclosure vulnerability in Subversion

CVSS 2.1 - LOW
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, high complexity, subversion, nessus

Summary

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

Vulnerable Configurations

Part | Description | Count
Application | Subversion | 1

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1053-1.NASL
    description: It was discovered that Subversion incorrectly handled certain
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51846
    published: 2011-02-02
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51846
    title: Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1053-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51846);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2007-2448", "CVE-2010-3315", "CVE-2010-4539", "CVE-2010-4644");
      script_xref(name:"USN", value:"1053-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Subversion incorrectly handled certain 'partial
    access' privileges in rare scenarios. Remote authenticated users could
    use this flaw to obtain sensitive information (revision properties).
    This issue only applied to Ubuntu 6.06 LTS. (CVE-2007-2448)
    
    It was discovered that the Subversion mod_dav_svn module for Apache
    did not properly handle a named repository as a rule scope. Remote
    authenticated users could use this flaw to bypass intended
    restrictions. This issue only applied to Ubuntu 9.10, 10.04 LTS, and
    10.10. (CVE-2010-3315)
    
    It was discovered that the Subversion mod_dav_svn module for Apache
    incorrectly handled the walk function. Remote authenticated users
    could use this flaw to cause the service to crash, leading to a denial
    of service. (CVE-2010-4539)
    
    It was discovered that Subversion incorrectly handled certain memory
    operations. Remote authenticated users could use this flaw to consume
    large quantities of memory and cause the service to crash, leading to
    a denial of service. This issue only applied to Ubuntu 9.10, 10.04
    LTS, and 10.10. (CVE-2010-4644).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1053-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-core-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-javahl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby1.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(6\.06|8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"libapache2-svn", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-core-perl", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-doc", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-javahl", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-ruby", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-ruby1.8", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn0", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn0-dev", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"python-subversion", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"python2.4-subversion", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"subversion", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"subversion-tools", pkgver:"1.3.1-3ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libapache2-svn", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-dev", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-doc", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-java", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-javahl", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-perl", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-ruby", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-ruby1.8", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn1", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"python-subversion", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"python-subversion-dbg", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"subversion", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"subversion-tools", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libapache2-svn", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn-dev", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn-doc", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn-java", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn-perl", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn-ruby", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn-ruby1.8", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"libsvn1", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-subversion", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"python-subversion-dbg", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"subversion", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"subversion-tools", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libapache2-svn", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn-dev", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn-doc", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn-java", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn-perl", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn-ruby", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn-ruby1.8", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libsvn1", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"python-subversion", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"python-subversion-dbg", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"subversion", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"subversion-tools", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libapache2-svn", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn-dev", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn-doc", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn-java", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn-perl", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn-ruby", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn-ruby1.8", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libsvn1", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"python-subversion", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"python-subversion-dbg", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"subversion", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"subversion-tools", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-svn / libsvn-core-perl / libsvn-dev / libsvn-doc / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-2635.NASL
    description: This update includes the Subversion 1.4.4 release, including a number of bug fixes and a fix for a minor security issue. An issue was discovered in the implementation of access control for revision properties in the path-based authorization code. In a repository using path-based access control, if a path was copied from a private area to a public area, the revision properties of the (private) source path would become visible despite the access control restrictions. (CVE-2007-2448) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27782
    published: 2007-11-06
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27782
    title: Fedora 7 : subversion-1.4.4-1.fc7 (2007-2635)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-2635.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27782);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-2448");
      script_xref(name:"FEDORA", value:"2007-2635");
    
      script_name(english:"Fedora 7 : subversion-1.4.4-1.fc7 (2007-2635)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update includes the Subversion 1.4.4 release, including a number
    of bug fixes and a fix for a minor security issue.
    
    An issue was discovered in the implementation of access control for
    revision properties in the path-based authorization code. In a
    repository using path-based access control, if a path was copied from
    a private area to a public area, the revision properties of the
    (private) source path would become visible despite the access control
    restrictions. (CVE-2007-2448)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=243856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=245087"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004341.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3ae0ea58"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_dav_svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion-javahl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion-ruby");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"mod_dav_svn-1.4.4-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"subversion-1.4.4-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"subversion-debuginfo-1.4.4-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"subversion-devel-1.4.4-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"subversion-javahl-1.4.4-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"subversion-perl-1.4.4-1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"subversion-ruby-1.4.4-1.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-debuginfo / subversion-devel / etc");
    }
    

Redhat

advisories
bugzilla
id: 521900
title: Fix instances of #!/usr/bin/env python in subversion
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: mod_dav_svn is earlier than 0:1.6.11-7.el5
          oval: oval:com.redhat.rhea:tst:20110039001
        • comment: mod_dav_svn is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhea:tst:20110039002
      • AND
        • comment: subversion-ruby is earlier than 0:1.6.11-7.el5
          oval: oval:com.redhat.rhea:tst:20110039003
        • comment: subversion-ruby is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhea:tst:20110039004
      • AND
        • comment: subversion-javahl is earlier than 0:1.6.11-7.el5
          oval: oval:com.redhat.rhea:tst:20110039005
        • comment: subversion-javahl is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhea:tst:20110039006
      • AND
        • comment: subversion-devel is earlier than 0:1.6.11-7.el5
          oval: oval:com.redhat.rhea:tst:20110039007
        • comment: subversion-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhea:tst:20110039008
      • AND
        • comment: subversion is earlier than 0:1.6.11-7.el5
          oval: oval:com.redhat.rhea:tst:20110039009
        • comment: subversion is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhea:tst:20110039010
      • AND
        • comment: subversion-perl is earlier than 0:1.6.11-7.el5
          oval: oval:com.redhat.rhea:tst:20110039011
        • comment: subversion-perl is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhea:tst:20110039012
rhsa
id: RHEA-2011:0039
released: 2011-01-12
severity: None
title: RHEA-2011:0039: subversion enhancement update (None)
rpms
  • mod_dav_svn-0:1.6.11-7.el5
  • subversion-0:1.6.11-7.el5
  • subversion-debuginfo-0:1.6.11-7.el5
  • subversion-devel-0:1.6.11-7.el5
  • subversion-javahl-0:1.6.11-7.el5
  • subversion-perl-0:1.6.11-7.el5
  • subversion-ruby-0:1.6.11-7.el5

Statements

contributor: Mark J Cox
lastmodified: 2007-06-26
organization: Red Hat
statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2448 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.