Vulnerabilities > CVE-2010-4644 - Resource Management Errors vulnerability in Apache Subversion
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0257.NASL description Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed last seen 2020-06-01 modified 2020-06-02 plugin id 53420 published 2011-04-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53420 title CentOS 5 : subversion (CESA-2011:0257) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:0257 and # CentOS Errata and Security Advisory 2011:0257 respectively. # include("compat.inc"); if (description) { script_id(53420); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:05"); script_cve_id("CVE-2010-4539", "CVE-2010-4644"); script_bugtraq_id(45655); script_xref(name:"RHSA", value:"2011:0257"); script_name(english:"CentOS 5 : subversion (CESA-2011:0257)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used." ); # https://lists.centos.org/pipermail/centos-announce/2011-April/017285.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac08c320" ); # https://lists.centos.org/pipermail/centos-announce/2011-April/017287.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6909adfd" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"mod_dav_svn-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-devel-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-javahl-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-perl-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-ruby-1.6.11-7.el5_6.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-javahl / etc"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0257.NASL description From Red Hat Security Advisory 2011:0257 : Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed last seen 2020-06-01 modified 2020-06-02 plugin id 68199 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68199 title Oracle Linux 5 : subversion (ELSA-2011-0257) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:0257 and # Oracle Linux Security Advisory ELSA-2011-0257 respectively. # include("compat.inc"); if (description) { script_id(68199); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:09"); script_cve_id("CVE-2010-4539", "CVE-2010-4644"); script_bugtraq_id(45655); script_xref(name:"RHSA", value:"2011:0257"); script_name(english:"Oracle Linux 5 : subversion (ELSA-2011-0257)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2011:0257 : Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2011-February/001823.html" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2011/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"mod_dav_svn-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"EL5", reference:"subversion-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"EL5", reference:"subversion-devel-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"EL5", reference:"subversion-javahl-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"EL5", reference:"subversion-perl-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"EL5", reference:"subversion-ruby-1.6.11-7.el5_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-javahl / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2011-0099.NASL description This release includes the latest Subversion release, fixing several bugs : - improve svnsync handling of dir copies - hide unreadable dirs in mod_dav_svn last seen 2020-06-01 modified 2020-06-02 plugin id 51565 published 2011-01-19 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51565 title Fedora 14 : subversion-1.6.15-1.fc14 (2011-0099) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-0099. # include("compat.inc"); if (description) { script_id(51565); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:33"); script_cve_id("CVE-2010-4539", "CVE-2010-4644"); script_bugtraq_id(45655); script_xref(name:"FEDORA", value:"2011-0099"); script_name(english:"Fedora 14 : subversion-1.6.15-1.fc14 (2011-0099)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This release includes the latest Subversion release, fixing several bugs : - improve svnsync handling of dir copies - hide unreadable dirs in mod_dav_svn's GET response - make 'svnmucc propsetf' actually work - limit memory fragmentation in svnserve - fix 'svn export' regression from 1.6.13 - fix 'svn export' mistakenly uri-encodes paths - fix server-side memory leaks triggered by 'blame -g' - prevent crash in mod_dav_svn when using SVNParentPath - allow 'log -g' to continue in the face of invalid mergeinfo - filter unreadable paths for 'svn ls' and 'svn co' - fix abort in 'svn blame -g' - fix file handle leak in ruby bindings - remove check for 1.7-style working copies Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=667407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=667763" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?502cf53c" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2011/01/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"subversion-1.6.15-1.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "subversion"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-11.NASL description The remote host is affected by the vulnerability described in GLSA-201309-11 (Subversion: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition or obtain sensitive information. A local attacker could escalate his privileges to the user running svnserve. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70084 published 2013-09-24 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70084 title GLSA-201309-11 : Subversion: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-11. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70084); script_version("1.7"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2010-4539", "CVE-2010-4644", "CVE-2011-0715", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2013-1845", "CVE-2013-1846", "CVE-2013-1847", "CVE-2013-1849", "CVE-2013-1884", "CVE-2013-1968", "CVE-2013-2088", "CVE-2013-2112", "CVE-2013-4131", "CVE-2013-4277"); script_bugtraq_id(45655, 46734, 48091, 58323, 58895, 58896, 58897, 58898, 60264, 60265, 60267, 61454, 62266); script_xref(name:"GLSA", value:"201309-11"); script_name(english:"GLSA-201309-11 : Subversion: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-11 (Subversion: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition or obtain sensitive information. A local attacker could escalate his privileges to the user running svnserve. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-11" ); script_set_attribute( attribute:"solution", value: "All Subversion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-vcs/subversion-1.7.13'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:subversion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-vcs/subversion", unaffected:make_list("ge 1.7.13"), vulnerable:make_list("lt 1.7.13"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Subversion"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20110215_SUBVERSION_ON_SL5_X.NASL description A server-side memory leak was found in the Subversion server. If a malicious, remote user performed last seen 2020-06-01 modified 2020-06-02 plugin id 60954 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60954 title Scientific Linux Security Update : subversion on SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60954); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2010-4539", "CVE-2010-4644"); script_name(english:"Scientific Linux Security Update : subversion on SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=1243 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e4a84f3d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"mod_dav_svn-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"SL5", reference:"subversion-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"SL5", reference:"subversion-devel-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"SL5", reference:"subversion-javahl-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"SL5", reference:"subversion-perl-1.6.11-7.el5_6.1")) flag++; if (rpm_check(release:"SL5", reference:"subversion-ruby-1.6.11-7.el5_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1053-1.NASL description It was discovered that Subversion incorrectly handled certain last seen 2020-06-01 modified 2020-06-02 plugin id 51846 published 2011-02-02 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51846 title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1053-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(51846); script_version("1.8"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2007-2448", "CVE-2010-3315", "CVE-2010-4539", "CVE-2010-4644"); script_xref(name:"USN", value:"1053-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Subversion incorrectly handled certain 'partial access' privileges in rare scenarios. Remote authenticated users could use this flaw to obtain sensitive information (revision properties). This issue only applied to Ubuntu 6.06 LTS. (CVE-2007-2448) It was discovered that the Subversion mod_dav_svn module for Apache did not properly handle a named repository as a rule scope. Remote authenticated users could use this flaw to bypass intended restrictions. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315) It was discovered that the Subversion mod_dav_svn module for Apache incorrectly handled the walk function. Remote authenticated users could use this flaw to cause the service to crash, leading to a denial of service. (CVE-2010-4539) It was discovered that Subversion incorrectly handled certain memory operations. Remote authenticated users could use this flaw to consume large quantities of memory and cause the service to crash, leading to a denial of service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-4644). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1053-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-core-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn0-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/06/14"); script_set_attribute(attribute:"patch_publication_date", value:"2011/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(6\.06|8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"libapache2-svn", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn-core-perl", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn-doc", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn-javahl", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn-ruby", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn-ruby1.8", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn0", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libsvn0-dev", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"python-subversion", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"python2.4-subversion", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"subversion", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"subversion-tools", pkgver:"1.3.1-3ubuntu1.3")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libapache2-svn", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-dev", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-doc", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-java", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-javahl", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-perl", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-ruby", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn-ruby1.8", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libsvn1", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"python-subversion", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"python-subversion-dbg", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"subversion", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"subversion-tools", pkgver:"1.4.6dfsg1-2ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libapache2-svn", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn-dev", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn-doc", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn-java", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn-perl", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn-ruby", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn-ruby1.8", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libsvn1", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-subversion", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-subversion-dbg", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"subversion", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"subversion-tools", pkgver:"1.6.5dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libapache2-svn", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn-dev", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn-doc", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn-java", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn-perl", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn-ruby", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn-ruby1.8", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libsvn1", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"python-subversion", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"python-subversion-dbg", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"subversion", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"subversion-tools", pkgver:"1.6.6dfsg-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libapache2-svn", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn-dev", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn-doc", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn-java", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn-perl", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn-ruby", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn-ruby1.8", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"libsvn1", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"python-subversion", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"python-subversion-dbg", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"subversion", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"subversion-tools", pkgver:"1.6.12dfsg-1ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-svn / libsvn-core-perl / libsvn-dev / libsvn-doc / etc"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0258.NASL description From Red Hat Security Advisory 2011:0258 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to last seen 2020-06-01 modified 2020-06-02 plugin id 68200 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68200 title Oracle Linux 6 : subversion (ELSA-2011-0258) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0258.NASL description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to last seen 2020-06-01 modified 2020-06-02 plugin id 51995 published 2011-02-16 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51995 title RHEL 6 : subversion (RHSA-2011:0258) NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBSVN_AUTH_GNOME_KEYRING-1-0-110119.NASL description The subversion server could be crashed by clients inside SVNParentPath(). Additionally an Out Of Memory condition via last seen 2020-06-01 modified 2020-06-02 plugin id 75616 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75616 title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0136-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0257.NASL description Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed last seen 2020-06-01 modified 2020-06-02 plugin id 51994 published 2011-02-16 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51994 title RHEL 5 : subversion (RHSA-2011:0257) NASL family Scientific Linux Local Security Checks NASL id SL_20110215_SUBVERSION_ON_SL6_X.NASL description An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to last seen 2020-06-01 modified 2020-06-02 plugin id 60955 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60955 title Scientific Linux Security Update : subversion on SL6.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBSVN_AUTH_GNOME_KEYRING-1-0-110119.NASL description The subversion server could be crashed by clients inside SVNParentPath(). Additionally an Out Of Memory condition via last seen 2020-06-01 modified 2020-06-02 plugin id 53759 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53759 title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0136-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-006.NASL description Multiple vulnerabilities has been found and corrected in subversion : The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections (CVE-2010-4539). Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command (CVE-2010-4644). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the latest versions (1.5.9, 1.6.15) which is not affected by these issues and in turn contains many bugfixes as well. last seen 2020-06-01 modified 2020-06-02 plugin id 51798 published 2011-01-28 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51798 title Mandriva Linux Security Advisory : subversion (MDVSA-2011:006) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_716120991E9311E0A587001B77D09812.NASL description Entry for CVE-2010-4539 says : The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Entry for CVE-2010-4644 says : Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. last seen 2020-06-01 modified 2020-06-02 plugin id 51520 published 2011-01-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51520 title FreeBSD : subversion -- multiple DoS (71612099-1e93-11e0-a587-001b77d09812)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.vupen.com/english/advisories/2011/0015
- http://svn.haxx.se/dev/archive-2010-11/0102.shtml
- http://openwall.com/lists/oss-security/2011/01/05/4
- http://openwall.com/lists/oss-security/2011/01/02/1
- http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES
- http://svn.apache.org/viewvc?view=revision&revision=1032808
- http://openwall.com/lists/oss-security/2011/01/04/8
- http://secunia.com/advisories/42780
- http://www.securityfocus.com/bid/45655
- http://openwall.com/lists/oss-security/2011/01/04/10
- http://www.securitytracker.com/id?1024935
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:006
- http://www.vupen.com/english/advisories/2011/0103
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html
- http://secunia.com/advisories/42969
- http://www.vupen.com/english/advisories/2011/0162
- http://www.ubuntu.com/usn/USN-1053-1
- http://www.vupen.com/english/advisories/2011/0264
- http://secunia.com/advisories/43139
- http://www.redhat.com/support/errata/RHSA-2011-0258.html
- http://secunia.com/advisories/43115
- http://www.redhat.com/support/errata/RHSA-2011-0257.html
- http://secunia.com/advisories/43346
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64473
- http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E
- http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E