Vulnerabilities > CVE-2014-0032 - Improper Input Validation vulnerability in Apache Subversion
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family Windows NASL id SUBVERSION_1_8_8.NASL description The installed version of Subversion Server is affected by an error related to last seen 2020-06-01 modified 2020-06-02 plugin id 72744 published 2014-02-28 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72744 title Apache Subversion 1.3.x - 1.7.14 / 1.8.x < 1.8.8 'mod_dav_svn' DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(72744); script_version("1.6"); script_cvs_date("Date: 2018/07/30 15:31:32"); script_cve_id("CVE-2014-0032"); script_bugtraq_id(65434); script_name(english:"Apache Subversion 1.3.x - 1.7.14 / 1.8.x < 1.8.8 'mod_dav_svn' DoS"); script_summary(english:"Checks Subversion Server version."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The installed version of Subversion Server is affected by an error related to 'mod_dav_svn', the 'SVNListParentPath' configuration option, and handling 'OPTIONS' requests that could allow denial of service attacks."); script_set_attribute(attribute:"see_also", value:"http://subversion.apache.org/security/CVE-2014-0032-advisory.txt"); script_set_attribute(attribute:"see_also", value:"http://svn.apache.org/viewvc?view=revision&revision=1557320"); script_set_attribute(attribute:"solution", value: "Upgrade to Subversion Server 1.7.16 / 1.8.8 or later, or apply the vendor-supplied patch or workaround."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/28"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:subversion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("subversion_installed.nasl"); script_require_keys("installed_sw/Subversion Server", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); appname = 'Subversion Server'; install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE); path = install['path']; version = install['version']; provider = install['Packaged with']; if (report_paranoia < 2) audit(AUDIT_PARANOID); # Affected : # 1.3.0 through 1.7.14 # 1.8.0 through 1.8.5 # Note : 1.7.15, 1.8.6, and 1.8.7 contain # fixes, but were not released if ( (ver_compare(ver:version, fix:'1.3.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:'1.7.0', strict:FALSE) == -1) || (ver_compare(ver:version, fix:'1.7.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:'1.7.15', strict:FALSE) == -1) || (ver_compare(ver:version, fix:'1.8.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:'1.8.6', strict:FALSE) == -1) ) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Packaged with : ' + provider + '\n Installed version : ' + version + '\n Fixed versions : 1.7.16 / 1.8.8' + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, provider + ' ' + appname, version, path);NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-049.NASL description A vulnerability has been discovered and corrected in subversion : The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls http://svn.example.com command (CVE-2014-0032). This advisory provides the latest version of subversion (1.7.16) which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 72920 published 2014-03-11 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72920 title Mandriva Linux Security Advisory : subversion (MDVSA-2014:049) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:049. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(72920); script_version("1.4"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2014-0032"); script_bugtraq_id(65434); script_xref(name:"MDVSA", value:"2014:049"); script_name(english:"Mandriva Linux Security Advisory : subversion (MDVSA-2014:049)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been discovered and corrected in subversion : The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls http://svn.example.com command (CVE-2014-0032). This advisory provides the latest version of subversion (1.7.16) which is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"http://subversion.apache.org/security/CVE-2014-0032-advisory.txt" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svnjavahl1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-SVN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-svn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-gnome-keyring-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:svn-javahl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"apache-mod_dav_svn-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn-gnome-keyring0-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn0-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svnjavahl1-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-SVN-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-svn-devel-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-devel-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-devel-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-devel-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-doc-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-gnome-keyring-devel-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-server-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-tools-1.7.16-0.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"svn-javahl-1.7.16-0.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0255.NASL description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. last seen 2020-04-16 modified 2014-03-06 plugin id 72854 published 2014-03-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72854 title RHEL 5 / 6 : subversion (RHSA-2014:0255) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0255. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(72854); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/15"); script_cve_id("CVE-2013-1968", "CVE-2013-2112", "CVE-2014-0032"); script_bugtraq_id(60264, 60267, 65434); script_xref(name:"RHSA", value:"2014:0255"); script_name(english:"RHEL 5 / 6 : subversion (RHSA-2014:0255)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol." ); script_set_attribute( attribute:"see_also", value:"https://subversion.apache.org/security/CVE-2014-0032-advisory.txt" ); script_set_attribute( attribute:"see_also", value:"https://subversion.apache.org/security/CVE-2013-1968-advisory.txt" ); script_set_attribute( attribute:"see_also", value:"https://subversion.apache.org/security/CVE-2013-2112-advisory.txt" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0255" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-2112" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0032" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1968" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:subversion-svn2cl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/31"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0255"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mod_dav_svn-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mod_dav_svn-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mod_dav_svn-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"subversion-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"subversion-debuginfo-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"subversion-devel-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subversion-javahl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subversion-javahl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subversion-javahl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subversion-perl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subversion-perl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subversion-perl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"subversion-ruby-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"subversion-ruby-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"subversion-ruby-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mod_dav_svn-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mod_dav_svn-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_dav_svn-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-debuginfo-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-devel-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-gnome-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-javahl-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-kde-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-perl-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-ruby-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"subversion-svn2cl-1.6.11-10.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-debuginfo / subversion-devel / etc"); } }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201610-05.NASL description The remote host is affected by the vulnerability described in GLSA-201610-05 (Subversion, Serf: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 93992 published 2016-10-12 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93992 title GLSA-201610-05 : Subversion, Serf: Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201610-05. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(93992); script_version("$Revision: 2.1 $"); script_cvs_date("$Date: 2016/10/12 13:47:11 $"); script_cve_id("CVE-2014-0032", "CVE-2014-3504", "CVE-2014-3522", "CVE-2014-3528", "CVE-2015-0202", "CVE-2015-0248", "CVE-2015-0251", "CVE-2015-3184", "CVE-2015-3187", "CVE-2015-5259", "CVE-2016-2167", "CVE-2016-2168"); script_xref(name:"GLSA", value:"201610-05"); script_name(english:"GLSA-201610-05 : Subversion, Serf: Multiple Vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201610-05 (Subversion, Serf: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201610-05" ); script_set_attribute( attribute:"solution", value: "All Subversion users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-vcs/subversion-1.9.4' All Serf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/serf-1.3.7'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:serf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:subversion"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-vcs/subversion", unaffected:make_list("ge 1.9.4", "rgt 1.8.16"), vulnerable:make_list("lt 1.9.4"))) flag++; if (qpkg_check(package:"net-libs/serf", unaffected:make_list("ge 1.3.7"), vulnerable:make_list("lt 1.3.7"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Subversion / Serf"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0255.NASL description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. last seen 2020-06-01 modified 2020-06-02 plugin id 72866 published 2014-03-07 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72866 title CentOS 5 / 6 : subversion (CESA-2014:0255) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0255 and # CentOS Errata and Security Advisory 2014:0255 respectively. # include("compat.inc"); if (description) { script_id(72866); script_version("1.8"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2013-1968", "CVE-2013-2112", "CVE-2014-0032"); script_bugtraq_id(60264, 60267, 65434); script_xref(name:"RHSA", value:"2014:0255"); script_name(english:"CentOS 5 / 6 : subversion (CESA-2014:0255)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol." ); # https://lists.centos.org/pipermail/centos-announce/2014-March/020189.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?01ae660a" ); # https://lists.centos.org/pipermail/centos-announce/2014-March/020190.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0971779c" ); script_set_attribute( attribute:"solution", value:"Update the affected subversion packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2112"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-svn2cl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/31"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"mod_dav_svn-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-devel-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-javahl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-perl-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"subversion-ruby-1.6.11-12.el5_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"mod_dav_svn-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-devel-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-gnome-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-javahl-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-kde-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-perl-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-ruby-1.6.11-10.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"subversion-svn2cl-1.6.11-10.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-gnome / etc"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-318.NASL description A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the last seen 2020-06-01 modified 2020-06-02 plugin id 73237 published 2014-03-28 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73237 title Amazon Linux AMI : subversion (ALAS-2014-318) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-318. # include("compat.inc"); if (description) { script_id(73237); script_version("1.5"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-0032"); script_xref(name:"ALAS", value:"2014-318"); script_name(english:"Amazon Linux AMI : subversion (ALAS-2014-318)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the 'svn ls http://svn.example.com' command." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-318.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update subversion' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_dav_svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-javahl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:subversion-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"mod_dav_svn-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-debuginfo-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-devel-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-javahl-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-libs-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-perl-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-python-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-ruby-1.8.8-1.42.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"subversion-tools-1.8.8-1.42.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-debuginfo / subversion-devel / etc"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1839F78C9F2B11E3980F20CF30E32F6D.NASL description Subversion Project reports : Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 72717 published 2014-02-27 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72717 title FreeBSD : subversion -- mod_dav_svn vulnerability (1839f78c-9f2b-11e3-980f-20cf30e32f6d) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-186.NASL description Apache Subversion was updated to 1.7.16 [bnc#862459] This release addresses one security issue: CVE-2014-0032: mod_dav_svn DoS vulnerability with SVNListParentPath. Affects servers with mod_dav_svn when configured on the root path of the server and SVNListParentPath is on. - Client-side bugfixes : - copy: fix some scenarios that broke the working copy - diff: fix regressions due to fixes in 1.7.14 - Server-side bugfixes : - mod_dav_svn: prevent crashes with SVNListParentPath on (CVE-2014-0032) - reduce memory usage during checkout and export Developer-visible changes : - fix failure in checkout_tests.py - support compiling against Cyrus sasl 2.1.25 - support compiling against neon 0.30.x - modified patches : - subversion-no-build-date.patch for context changes - 1.7.15 was not released - only require and build with junit when building with java and running regression tests last seen 2020-06-05 modified 2014-06-13 plugin id 75279 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75279 title openSUSE Security Update : subversion (openSUSE-SU-2014:0334-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2316-1.NASL description Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2014-0032) Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3522) Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. (CVE-2014-3528). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77219 published 2014-08-15 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77219 title Ubuntu 12.04 LTS / 14.04 LTS : subversion vulnerabilities (USN-2316-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-3365.NASL description This update includes the latest stable release of Subversion, fixing a security issue (CVE-2014-0032) : Subversion last seen 2020-03-17 modified 2014-03-17 plugin id 73033 published 2014-03-17 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73033 title Fedora 20 : subversion-1.8.8-1.fc20 (2014-3365) NASL family MacOS X Local Security Checks NASL id MACOSX_XCODE_6_0_1.NASL description The remote Mac OS X host has a version of Apple Xcode prior to 6.0.1 installed. It is, therefore, affected by a denial of service vulnerability in the bundled Subversion component. The last seen 2020-05-06 modified 2014-09-25 plugin id 77863 published 2014-09-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77863 title Apple Xcode < 6.0.1 (Mac OS X) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-173.NASL description Apache Subversion was updated to version 1.8.8 : It fix a remotely triggerable segfault in mod_dav_svn when svn is handling the server root and SVNListParentPath is on [bnc#862459] CVE-2014-0032 - Client-side bugfixes : - fix automatic relocate for wcs not at repository root - wc: improve performance when used with SQLite 3.8 - copy: fix some scenarios that broke the working copy - move: fix errors when moving files between an external and the parent working copy - log: resolve performance regression in certain scenarios - merge: decrease work to detect differences between 3 files - commit: don last seen 2020-06-05 modified 2014-06-13 plugin id 75270 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75270 title openSUSE Security Update : subversion (openSUSE-SU-2014:0307-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-3567.NASL description This update includes the latest stable release of Apache Subversion 1.7, fixing a security issue (CVE-2014-0032) : Subversion last seen 2020-03-17 modified 2014-03-17 plugin id 73041 published 2014-03-17 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73041 title Fedora 19 : subversion-1.7.16-1.fc19 (2014-3567) NASL family Scientific Linux Local Security Checks NASL id SL_20140305_SUBVERSION_ON_SL5_X.NASL description A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. last seen 2020-03-18 modified 2014-03-06 plugin id 72855 published 2014-03-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72855 title Scientific Linux Security Update : subversion on SL5.x, SL6.x i386/x86_64 (20140305) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-085.NASL description Updated subversion packages fix security vulnerabilities : The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108). last seen 2020-06-01 modified 2020-06-02 plugin id 82338 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82338 title Mandriva Linux Security Advisory : subversion (MDVSA-2015:085) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-207.NASL description Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. CVE-2015-0251 Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences. CVE-2013-1845 Subversion mod_dav_svn was vulnerable to a denial of service attack through a remotely triggered memory exhaustion. CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032 Subversion mod_dav_svn was vulnerable to multiple remotely triggered crashes. This update has been prepared by James McCoy. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-04-27 plugin id 83060 published 2015-04-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83060 title Debian DLA-207-1 : subversion security update NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-058-01.NASL description New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues. last seen 2020-06-01 modified 2020-06-02 plugin id 72731 published 2014-02-28 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72731 title Slackware 14.0 / 14.1 / current : subversion (SSA:2014-058-01) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0255.NASL description From Red Hat Security Advisory 2014:0255 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially crafted file. (CVE-2013-1968) A flaw was found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserve daemon to exit, leading to a denial of service. (CVE-2013-2112) All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. last seen 2020-06-01 modified 2020-06-02 plugin id 72852 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72852 title Oracle Linux 5 / 6 : subversion (ELSA-2014-0255)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://secunia.com/advisories/56822
- http://svn.apache.org/viewvc?view=revision&revision=1557320
- http://www.securityfocus.com/bid/65434
- http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES
- http://www.osvdb.org/102927
- http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2014-0255.html
- http://www.ubuntu.com/usn/USN-2316-1
- http://secunia.com/advisories/60722
- http://support.apple.com/kb/HT6444
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://secunia.com/advisories/61321
- https://security.gentoo.org/glsa/201610-05
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90986
- http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502%40reser.org%3E
- http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA%40mail.gmail.com%3E
- http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf%40ntlworld.com%3E