CVE-2009-2411 - Numeric Errors vulnerability in Subversion

CVSS 8.5 - HIGH
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, subversion, CWE-189, nessus

Summary

Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

Vulnerable Configurations

Part         Description  Count
Application  Subversion   64

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2009-006.NASL
    description: The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42433
    published: 2009-11-09
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42433
    title: Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42433);
      script_version("1.27");
    
      script_cve_id(
        "CVE-2007-5707",
        "CVE-2007-6698",
        "CVE-2008-0658",
        "CVE-2008-5161",
        "CVE-2009-0023",
        "CVE-2009-1191",
        "CVE-2009-1195",
        "CVE-2009-1574",
        "CVE-2009-1632",
        "CVE-2009-1890",
        "CVE-2009-1891",
        "CVE-2009-1955",
        "CVE-2009-1956",
        "CVE-2009-2408",
        "CVE-2009-2409",
        "CVE-2009-2411",
        "CVE-2009-2412",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2666",
        "CVE-2009-2808",
        "CVE-2009-2818",
        "CVE-2009-2819",
        "CVE-2009-2820",
        "CVE-2009-2823",
        "CVE-2009-2824",
        "CVE-2009-2825",
        "CVE-2009-2826",
        "CVE-2009-2827",
        "CVE-2009-2828",
        "CVE-2009-2829",
        "CVE-2009-2831",
        "CVE-2009-2832",
        "CVE-2009-2833",
        "CVE-2009-2834",
        "CVE-2009-2837",
        "CVE-2009-2838",
        "CVE-2009-2839",
        "CVE-2009-2840",
        "CVE-2009-3111",
        "CVE-2009-3291",
        "CVE-2009-3292",
        "CVE-2009-3293"
      );
      script_bugtraq_id(
        26245,
        27778,
        34663,
        35115,
        35221,
        35251,
        35565,
        35623,
        35888,
        35983,
        36263,
        36449,
        36959,
        36961,
        36962,
        36963,
        36964,
        36966,
        36967,
        36972,
        36973,
        36975,
        36977,
        36978,
        36979,
        36982,
        36985,
        36988,
        36990
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
      script_summary(english:"Check for the presence of Security Update 2009-006");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2009-006 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Client
      - Adaptive Firewall
      - Apache
      - Apache Portable Runtime
      - ATS
      - Certificate Assistant
      - CoreGraphics
      - CUPS
      - Dictionary
      - DirectoryService
      - Disk Images
      - Event Monitor
      - fetchmail
      - FTP Server
      - Help Viewer
      - International Components for Unicode
      - IOKit
      - IPSec
      - libsecurity
      - libxml
      - OpenLDAP
      - OpenSSH
      - PHP
      - QuickDraw Manager
      - QuickLook
      - FreeRADIUS
      - Screen Sharing
      - Spotlight
      - Subversion"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3937"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18255"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-006 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
      script_cvs_date("Date: 2018/07/16 12:48:31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BCE1F76D82D011DE88EA001A4D49522B.NASL
    description: A Subversion Security Advisory reports : Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update. This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40508
    published: 2009-08-07
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40508
    title: FreeBSD : subversion -- heap overflow vulnerability (bce1f76d-82d0-11de-88ea-001a4d49522b)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40508);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:40");
    
      script_cve_id("CVE-2009-2411");
    
      script_name(english:"FreeBSD : subversion -- heap overflow vulnerability (bce1f76d-82d0-11de-88ea-001a4d49522b)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A Subversion Security Advisory reports :
    
    Subversion clients and servers have multiple heap overflow issues in
    the parsing of binary deltas. This is related to an allocation
    vulnerability in the APR library used by Subversion.
    
    Clients with commit access to a vulnerable server can cause a remote
    heap overflow; servers can cause a heap overflow on vulnerable clients
    that try to do a checkout or update.
    
    This can lead to a DoS (an exploit has been tested) and to arbitrary
    code execution (no exploit tested, but the possibility is clear)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt"
      );
      # https://vuxml.freebsd.org/freebsd/bce1f76d-82d0-11de-88ea-001a4d49522b.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?adb013fe"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:p5-subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py-subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:subversion-freebsd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"subversion<1.6.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"subversion-freebsd<1.6.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"p5-subversion<1.6.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"py-subversion<1.6.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-812-1.NASL
    description: Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40528
    published: 2009-08-10
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40528
    title: Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : subversion vulnerability (USN-812-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-812-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40528);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2009-2411");
      script_bugtraq_id(35983);
      script_xref(name:"USN", value:"812-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : subversion vulnerability (USN-812-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Matt Lewis discovered that Subversion did not properly sanitize its
    input when processing svndiff streams, leading to various integer and
    heap overflows. If a user or automated system processed crafted input,
    a remote attacker could cause a denial of service or potentially
    execute arbitrary code as the user processing the input.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/812-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-core-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-javahl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby1.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"libapache2-svn", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-core-perl", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-doc", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-javahl", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-ruby", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn-ruby1.8", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn0", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsvn0-dev", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"python-subversion", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"python2.4-subversion", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"subversion", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"subversion-tools", pkgver:"1.3.1-3ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libapache2-svn", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-dev", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-doc", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-java", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-javahl", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-perl", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-ruby", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn-ruby1.8", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libsvn1", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"python-subversion", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"python-subversion-dbg", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"subversion", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"subversion-tools", pkgver:"1.4.6dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libapache2-svn", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn-dev", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn-doc", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn-java", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn-perl", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn-ruby", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn-ruby1.8", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libsvn1", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"python-subversion", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"python-subversion-dbg", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"subversion", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"subversion-tools", pkgver:"1.5.1dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libapache2-svn", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn-dev", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn-doc", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn-java", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn-perl", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn-ruby", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn-ruby1.8", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libsvn1", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-subversion", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"python-subversion-dbg", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"subversion", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"subversion-tools", pkgver:"1.5.4dfsg1-1ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-svn / libsvn-core-perl / libsvn-dev / libsvn-doc / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_CVS2SVN-6423.NASL
    description: This update of subversion fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51720
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51720
    title: SuSE 10 Security Update : subversion (ZYPP Patch Number 6423)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51720);
      script_version ("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2009-2411");
    
      script_name(english:"SuSE 10 Security Update : subversion (ZYPP Patch Number 6423)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of subversion fixes some buffer overflows in the client
    and server code that can occur while parsing binary diffs.
    (CVE-2009-2411)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-2411.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6423.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, reference:"subversion-1.3.1-1.13")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"subversion-devel-1.3.1-1.13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1203.NASL
    description: Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43775
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43775
    title: CentOS 5 : subversion (CESA-2009:1203)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_SUBVERSION-090810.NASL
    description: This version upgrade of subversion to 1.5.7 fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411) Version 1.5.7 also fixes various non-security bugs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40589
    published: 2009-08-13
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40589
    title: openSUSE Security Update : subversion (subversion-1185)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1855.NASL
    description: Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44720
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44720
    title: Debian DSA-1855-1 : subversion - heap overflow
  • NASL family: Windows
    NASL id: SUBVERSION_1_6_4.NASL
    description: The installed version of Subversion Client or Server is affected by multiple heap overflow issues. Specifically, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40620
    published: 2009-08-19
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40620
    title: Apache Subversion < 1.6.4 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflows
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_6_2.NASL
    description: The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42434
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42434
    titleMac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200908-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200908-05 (Subversion: Remote execution of arbitrary code) Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Impact : A remote attacker with commit access could exploit this vulnerability by sending a specially crafted commit to a Subversion server, or a remote attacker could entice a user to check out or update a repository from a malicious Subversion server, possibly resulting in the execution of arbitrary code with the privileges of the user running the server or client. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id40630
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40630
    titleGLSA-200908-05 : Subversion: Remote execution of arbitrary code
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090810_SUBVERSION_ON_SL4_X.NASL
    descriptionCVE-2009-2411 subversion: multiple heap overflow issues Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen2020-06-01
    modified2020-06-02
    plugin id60638
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60638
    titleScientific Linux Security Update : subversion on SL4.x, SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8432.NASL
    descriptionThis update includes the latest stable release of Subversion, including several enhancements, many bug fixes, and a fix for a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious users with commit access to a vulnerable server could use these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) Version 1.6 offers many bug fixes and enhancements over 1.5, with the notable major features: - identical files share storage space in repository - file-externals support for intra-repository files -
    last seen2020-06-01
    modified2020-06-02
    plugin id40534
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40534
    titleFedora 10 : subversion-1.6.4-2.fc10 (2009-8432)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-219-01.NASL
    descriptionNew subversion packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40511
    published2009-08-10
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40511
    titleSlackware 12.0 / 12.1 / 12.2 / current : subversion (SSA:2009-219-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8449.NASL
    descriptionThis update includes the latest stable release of Subversion, fixing many bugs and a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious users with commit access to a vulnerable server could use these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) This update also adds support for storing passwords in the GNOME Keyring or KDE Wallet, via the new subversion-gnome and subversion-kde subpackages. For more details of the bug fixes included in this update, see: http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40536
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40536
    titleFedora 11 : subversion-1.6.4-2.fc11 (2009-8449)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1203.NASL
    descriptionFrom Red Hat Security Advisory 2009:1203 : Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen2020-06-01
    modified2020-06-02
    plugin id67906
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67906
    titleOracle Linux 4 / 5 : subversion (ELSA-2009-1203)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_SUBVERSION-090810.NASL
    descriptionThis version upgrade of subversion to 1.5.7 fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411) Version 1.5.7 also fixes various non-security bugs.
    last seen2020-06-01
    modified2020-06-02
    plugin id40588
    published2009-08-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40588
    titleopenSUSE Security Update : subversion (subversion-1185)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-199.NASL
    descriptionA vulnerability has been found and corrected in subversion : Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412 (CVE-2009-2411). This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id40540
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40540
    titleMandriva Linux Security Advisory : subversion (MDVSA-2009:199-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SUBVERSION-6418.NASL
    descriptionThis update of subversion fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411)
    last seen2020-06-01
    modified2020-06-02
    plugin id42036
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42036
    titleopenSUSE 10 Security Update : subversion (subversion-6418)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1203.NASL
    descriptionUpdated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen2020-06-01
    modified2020-06-02
    plugin id40541
    published2009-08-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40541
    titleRHEL 4 / 5 : subversion (RHSA-2009:1203)

Oval

accepted2013-04-29T04:14:14.421-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
familyunix
idoval:org.mitre.oval:def:11465
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
version27

Redhat

advisories
bugzilla
id514744
titleCVE-2009-2411 subversion: multiple heap overflow issues
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentsubversion-perl is earlier than 0:1.1.4-3.el4_8.2
          ovaloval:com.redhat.rhsa:tst:20091203001
        • commentsubversion-perl is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20091203002
      • AND
        • commentsubversion is earlier than 0:1.1.4-3.el4_8.2
          ovaloval:com.redhat.rhsa:tst:20091203003
        • commentsubversion is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20091203004
      • AND
        • commentmod_dav_svn is earlier than 0:1.1.4-3.el4_8.2
          ovaloval:com.redhat.rhsa:tst:20091203005
        • commentmod_dav_svn is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20091203006
      • AND
        • commentsubversion-devel is earlier than 0:1.1.4-3.el4_8.2
          ovaloval:com.redhat.rhsa:tst:20091203007
        • commentsubversion-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20091203008
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentsubversion-perl is earlier than 0:1.4.2-4.el5_3.1
          ovaloval:com.redhat.rhsa:tst:20091203010
        • commentsubversion-perl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhea:tst:20110039012
      • AND
        • commentsubversion-ruby is earlier than 0:1.4.2-4.el5_3.1
          ovaloval:com.redhat.rhsa:tst:20091203012
        • commentsubversion-ruby is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhea:tst:20110039004
      • AND
        • commentsubversion is earlier than 0:1.4.2-4.el5_3.1
          ovaloval:com.redhat.rhsa:tst:20091203014
        • commentsubversion is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhea:tst:20110039010
      • AND
        • commentmod_dav_svn is earlier than 0:1.4.2-4.el5_3.1
          ovaloval:com.redhat.rhsa:tst:20091203016
        • commentmod_dav_svn is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhea:tst:20110039002
      • AND
        • commentsubversion-devel is earlier than 0:1.4.2-4.el5_3.1
          ovaloval:com.redhat.rhsa:tst:20091203018
        • commentsubversion-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhea:tst:20110039008
      • AND
        • commentsubversion-javahl is earlier than 0:1.4.2-4.el5_3.1
          ovaloval:com.redhat.rhsa:tst:20091203020
        • commentsubversion-javahl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhea:tst:20110039006
rhsa
idRHSA-2009:1203
released2009-08-10
severityImportant
titleRHSA-2009:1203: subversion security update (Important)
rpms
  • mod_dav_svn-0:1.1.4-3.el4_8.2
  • mod_dav_svn-0:1.4.2-4.el5_3.1
  • subversion-0:1.1.4-3.el4_8.2
  • subversion-0:1.4.2-4.el5_3.1
  • subversion-debuginfo-0:1.1.4-3.el4_8.2
  • subversion-debuginfo-0:1.4.2-4.el5_3.1
  • subversion-devel-0:1.1.4-3.el4_8.2
  • subversion-devel-0:1.4.2-4.el5_3.1
  • subversion-javahl-0:1.4.2-4.el5_3.1
  • subversion-perl-0:1.1.4-3.el4_8.2
  • subversion-perl-0:1.4.2-4.el5_3.1
  • subversion-ruby-0:1.4.2-4.el5_3.1

Seebug

bulletinFamilyexploit
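descriptionBUGTRAQ ID: 35983 CVE(CAN) ID: CVE-2009-2411 Subversion is an open-source multi-user version control system that supports non-ASCII text and binary data. The libsvn_delta library in Subversion does not sufficiently validate svndiff streams; processing a stream with oversized windows can trigger an integer overflow that ultimately leads to a heap overflow. An attacker with commit access to the repository can exploit this vulnerability to execute arbitrary code on the Subversion server. Subversion Subversion < 1.5.7 Subversion Subversion 1.6.0 - 1.6.3 Vendor patch: Subversion ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://subversion.tigris.org/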
idSSV:12025
last seen2017-11-19
modified2009-08-11
published2009-08-11
reporterRoot
titleSubversion libsvn_delta Library Integer Overflow Vulnerability