CVE-2014-3580 - Remote Denial of Service vulnerability in Apache Subversion

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, redhat, apache, debian, apple, nessus

Summary

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html)

Vulnerable Configurations

| Part | Description | Count |
|------|-------------|-------|
| OS | Redhat | 9 |
| OS | Debian | 1 |
| Application | Apache | 92 |
| Application | Apple | 1 |

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0166.NASL
    description: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81278
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81278
    title: CentOS 7 : subversion (CESA-2015:0166)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0166 and 
    # CentOS Errata and Security Advisory 2015:0166 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81278);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2014-3528", "CVE-2014-3580", "CVE-2014-8108");
      script_xref(name:"RHSA", value:"2015:0166");
    
      script_name(english:"CentOS 7 : subversion (CESA-2015:0166)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated subversion packages that fix three security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Subversion (SVN) is a concurrent version control system which enables
    one or more users to collaborate in developing and maintaining a
    hierarchy of files and directories while keeping a history of all
    changes. The mod_dav_svn module is used with the Apache HTTP Server to
    allow access to Subversion repositories via HTTP.
    
    A NULL pointer dereference flaw was found in the way the mod_dav_svn
    module handled REPORT requests. A remote, unauthenticated attacker
    could use a specially crafted REPORT request to crash mod_dav_svn.
    (CVE-2014-3580)
    
    A NULL pointer dereference flaw was found in the way the mod_dav_svn
    module handled certain requests for URIs that trigger a lookup of a
    virtual transaction name. A remote, unauthenticated attacker could
    send a request for a virtual transaction name that does not exist,
    causing mod_dav_svn to crash. (CVE-2014-8108)
    
    It was discovered that Subversion clients retrieved cached
    authentication credentials using the MD5 hash of the server realm
    string without also checking the server's URL. A malicious server able
    to provide a realm that triggers an MD5 collision could possibly use
    this flaw to obtain the credentials for a different realm.
    (CVE-2014-3528)
    
    Red Hat would like to thank the Subversion project for reporting
    CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov
    of VisualSVN as the original reporter.
    
    All subversion users should upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, for the update to take effect, you must restart
    the httpd daemon, if you are using mod_dav_svn, and the svnserve
    daemon, if you are serving Subversion repositories via the svn://
    protocol."
      );
      # https://lists.centos.org/pipermail/centos-announce/2015-February/020931.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f3bc739f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected subversion packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3580");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mod_dav_svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-javahl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:subversion-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"mod_dav_svn-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-devel-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-gnome-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-javahl-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-kde-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-libs-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-perl-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-python-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-ruby-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"subversion-tools-1.7.14-7.el7_0")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-gnome / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-821.NASL
    description: This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] - CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. - CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes : - checkout/update: fix file externals failing to follow history and subsequently silently failing - patch: don
    last seen: 2020-06-05
    modified: 2014-12-30
    plugin id: 80299
    published: 2014-12-30
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80299
    title: openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-821.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80299);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-3580", "CVE-2014-8108");
    
      script_name(english:"openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)");
      script_summary(english:"Check for the openSUSE-2014-821 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This Apache Subversion update fixes the following security and non
    security issues.
    
      - Apache Subversion 1.8.11
    
      - This release addresses two security issues: [boo#909935]
    
      - CVE-2014-3580: mod_dav_svn DoS from invalid REPORT
        requests.
    
      - CVE-2014-8108: mod_dav_svn DoS from use of invalid
        transaction names.
    
      - Client-side bugfixes :
    
      - checkout/update: fix file externals failing to follow
        history and subsequently silently failing
    
      - patch: don't skip targets in valid --git difs
    
      - diff: make property output in diffs stable
    
      - diff: fix diff of local copied directory with props
    
      - diff: fix changelist filter for repos-WC and WC-WC
    
      - remove broken conflict resolver menu options that always
        error out
    
      - improve gpg-agent support
    
      - fix crash in eclipse IDE with GNOME Keyring
    
      - fix externals shadowing a versioned directory
    
      - fix problems working on unix file systems that don't
        support permissions
    
      - upgrade: keep external registrations
    
      - cleanup: iprove performance of recorded timestamp fixups
    
      - translation updates for German
    
      - Server-side bugfixes :
    
      - disable revprop caching feature due to cache
        invalidation problems
    
      - skip generating uniquifiers if rep-sharing is not
        supported
    
      - mod_dav_svn: reject requests with missing repository
        paths
    
      - mod_dav_svn: reject requests with invalid virtual
        transaction names
    
      - mod_dav_svn: avoid unneeded memory growth in resource
        walking"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00107.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected subversion packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-ctypes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3|SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_gnome_keyring-1-0-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_kwallet-1-0-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-bash-completion-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-debugsource-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-devel-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-perl-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-perl-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-python-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-python-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-server-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-server-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-tools-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"subversion-tools-debuginfo-1.7.19-2.40.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_gnome_keyring-1-0-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_kwallet-1-0-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-bash-completion-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-debugsource-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-devel-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-perl-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-perl-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-python-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-python-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-ruby-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-ruby-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-server-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-server-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-tools-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"subversion-tools-debuginfo-1.8.11-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_gnome_keyring-1-0-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_kwallet-1-0-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-bash-completion-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-debugsource-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-devel-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-perl-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-perl-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-ctypes-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-ruby-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-ruby-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-server-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-server-debuginfo-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-tools-1.8.11-2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-tools-debuginfo-1.8.11-2.7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsvn_auth_gnome_keyring-1-0 / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2721-1.NASL
    description: It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly handled certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85579
    published: 2015-08-21
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85579
    title: Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2721-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85579);
      script_version("2.6");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2014-3580", "CVE-2014-8108", "CVE-2015-0202", "CVE-2015-0248", "CVE-2015-0251", "CVE-2015-3184", "CVE-2015-3187");
      script_xref(name:"USN", value:"2721-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Subversion mod_dav_svn module incorrectly
    handled REPORT requests for a resource that does not exist. A remote
    attacker could use this issue to cause the server to crash, resulting
    in a denial of service. This issue only affected Ubuntu 12.04 LTS and
    Ubuntu 14.04 LTS. (CVE-2014-3580)
    
    It was discovered that the Subversion mod_dav_svn module incorrectly
    handled requests requiring a lookup for a virtual transaction name
    that does not exist. A remote attacker could use this issue to cause
    the server to crash, resulting in a denial of service. This issue only
    affected Ubuntu 14.04 LTS. (CVE-2014-8108)
    
    Evgeny Kotkov discovered that the Subversion mod_dav_svn module
    incorrectly handled large numbers of REPORT requests. A remote
    attacker could use this issue to cause the server to crash, resulting
    in a denial of service. This issue only affected Ubuntu 14.04 LTS and
    Ubuntu 15.04. (CVE-2015-0202)
    
    Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve
    modules incorrectly certain crafted parameter combinations. A remote
    attacker could use this issue to cause the server to crash, resulting
    in a denial of service. (CVE-2015-0248)
    
    Ivan Zhakov discovered that the Subversion mod_dav_svn module
    incorrectly handled crafted v1 HTTP protocol request sequences. A
    remote attacker could use this issue to spoof the svn:author property.
    (CVE-2015-0251)
    
    C. Michael Pilato discovered that the Subversion mod_dav_svn module
    incorrectly restricted anonymous access. A remote attacker could use
    this issue to read hidden files via the path name. This issue only
    affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
    
    C. Michael Pilato discovered that Subversion incorrectly handled
    path-based authorization. A remote attacker could use this issue to
    obtain sensitive path information. (CVE-2015-3187).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2721-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libapache2-svn, libsvn1 and / or subversion
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libapache2-svn", pkgver:"1.6.17dfsg-3ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libsvn1", pkgver:"1.6.17dfsg-3ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"subversion", pkgver:"1.6.17dfsg-3ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libapache2-svn", pkgver:"1.8.8-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libsvn1", pkgver:"1.8.8-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"subversion", pkgver:"1.8.8-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libapache2-svn", pkgver:"1.8.10-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libsvn1", pkgver:"1.8.10-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"subversion", pkgver:"1.8.10-5ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-svn / libsvn1 / subversion");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-0166.NASL
    description: From Red Hat Security Advisory 2015:0166 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81289
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81289
    title: Oracle Linux 7 : subversion (ELSA-2015-0166)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:0166 and 
    # Oracle Linux Security Advisory ELSA-2015-0166 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81289);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/27 13:00:36");
    
      script_cve_id("CVE-2014-3528", "CVE-2014-3580", "CVE-2014-8108");
      script_bugtraq_id(68995, 71725, 71726);
      script_xref(name:"RHSA", value:"2015:0166");
    
      script_name(english:"Oracle Linux 7 : subversion (ELSA-2015-0166)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2015:0166 :
    
    Updated subversion packages that fix three security issues are now
    available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Subversion (SVN) is a concurrent version control system which enables
    one or more users to collaborate in developing and maintaining a
    hierarchy of files and directories while keeping a history of all
    changes. The mod_dav_svn module is used with the Apache HTTP Server to
    allow access to Subversion repositories via HTTP.
    
    A NULL pointer dereference flaw was found in the way the mod_dav_svn
    module handled REPORT requests. A remote, unauthenticated attacker
    could use a specially crafted REPORT request to crash mod_dav_svn.
    (CVE-2014-3580)
    
    A NULL pointer dereference flaw was found in the way the mod_dav_svn
    module handled certain requests for URIs that trigger a lookup of a
    virtual transaction name. A remote, unauthenticated attacker could
    send a request for a virtual transaction name that does not exist,
    causing mod_dav_svn to crash. (CVE-2014-8108)
    
    It was discovered that Subversion clients retrieved cached
    authentication credentials using the MD5 hash of the server realm
    string without also checking the server's URL. A malicious server able
    to provide a realm that triggers an MD5 collision could possibly use
    this flaw to obtain the credentials for a different realm.
    (CVE-2014-3528)
    
    Red Hat would like to thank the Subversion project for reporting
    CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov
    of VisualSVN as the original reporter.
    
    All subversion users should upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    the updated packages, for the update to take effect, you must restart
    the httpd daemon, if you are using mod_dav_svn, and the svnserve
    daemon, if you are serving Subversion repositories via the svn://
    protocol."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-February/004840.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected subversion packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_dav_svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-javahl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:subversion-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"mod_dav_svn-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-devel-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-gnome-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-javahl-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-kde-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-libs-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-perl-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-python-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-ruby-1.7.14-7.el7_0")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"subversion-tools-1.7.14-7.el7_0")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_dav_svn / subversion / subversion-devel / subversion-gnome / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-119.NASL
    description: Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service. We recommend that you upgrade your subversion packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-03-26
    plugin id: 82102
    published: 2015-03-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82102
    title: Debian DLA-119-1 : subversion security update
  • NASL family: Web Servers
    NASL id: APACHE_MOD_DAV_SVN_REMOTE_DOS.NASL
    description: The remote host is running a version of Apache SVN 1.7.x prior to 1.7.19 or 1.8.x prior to 1.8.11. It is, therefore, affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists in
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80864
    published: 2015-01-20
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80864
    title: Apache Subversion 1.7.x < 1.7.19 / 1.8.x < 1.8.11 Multiple Remote DoS
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-005.NASL
    description: Updated subversion packages fix security vulnerabilities : A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80386
    published: 2015-01-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80386
    title: Mandriva Linux Security Advisory : subversion (MDVSA-2015:005)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0165.NASL
    description: Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81277
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81277
    title: CentOS 6 : subversion (CESA-2015:0165)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_F5561ADE846C11E4B7A720CF30E32F6D.NASL
    description: Subversion Project reports : Subversion
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80039
    published: 2014-12-16
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80039
    title: FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_XCODE_6_2.NASL
    description: The Apple Xcode installed on the remote Mac OS X host is prior to version 6.2. It is, therefore, affected by the following vulnerabilities : - Numerous errors exist related to the bundled version of Apache Subversion. (CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108) - An error exists related to the bundled version of Git that allows arbitrary files to be added to the .git folder. (CVE-2014-9390)
    last seen: 2020-05-06
    modified: 2015-03-11
    plugin id: 81758
    published: 2015-03-11
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81758
    title: Apple Xcode < 6.2 (Mac OS X)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2015-555.NASL
    description: A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84372
    published: 2015-06-25
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/84372
    title: Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2015-555)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150210_SUBVERSION_ON_SL7_X.NASL
    description: A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-03-18
    modified: 2015-02-12
    plugin id: 81310
    published: 2015-02-12
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81310
    title: Scientific Linux Security Update : subversion on SL7.x x86_64 (20150210)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0165.NASL
    description: Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81292
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81292
    title: RHEL 6 : subversion (RHSA-2015:0165)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-17118.NASL
    description: This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don
    last seen: 2020-03-17
    modified: 2015-01-06
    plugin id: 80373
    published: 2015-01-06
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80373
    title: Fedora 21 : subversion-1.8.11-1.fc21 (2014-17118)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-0165.NASL
    description: From Red Hat Security Advisory 2015:0165 : Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81288
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81288
    title: Oracle Linux 6 : subversion (ELSA-2015-0165)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0166.NASL
    description: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81293
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81293
    title: RHEL 7 : subversion (RHSA-2015:0166)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3107.NASL
    description: Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
    last seen: 2020-03-17
    modified: 2014-12-23
    plugin id: 80207
    published: 2014-12-23
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80207
    title: Debian DSA-3107-1 : subversion - security update
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-085.NASL
    description: Updated subversion packages fix security vulnerabilities : The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via an OPTIONS request (CVE-2014-0032). Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications (CVE-2014-3522). Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82338
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82338
    title: Mandriva Linux Security Advisory : subversion (MDVSA-2015:085)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150210_SUBVERSION_ON_SL6_X.NASL
    description: A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server
    last seen: 2020-03-18
    modified: 2015-02-12
    plugin id: 81309
    published: 2015-02-12
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81309
    title: Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150210)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-17222.NASL
    description: This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don
    last seen: 2020-03-17
    modified: 2015-01-06
    plugin id: 80375
    published: 2015-01-06
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80375
    title: Fedora 20 : subversion-1.8.11-1.fc20 (2014-17222)

Redhat

advisories
  • bugzilla
    id: 1174054
    title: CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: subversion-svn2cl is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165001
          • comment: subversion-svn2cl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258002
        • AND
          • comment: subversion-devel is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165003
          • comment: subversion-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258012
        • AND
          • comment: subversion-kde is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165005
          • comment: subversion-kde is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258004
        • AND
          • comment: subversion-ruby is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165007
          • comment: subversion-ruby is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258016
        • AND
          • comment: subversion-perl is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165009
          • comment: subversion-perl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258014
        • AND
          • comment: subversion-gnome is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165011
          • comment: subversion-gnome is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258018
        • AND
          • comment: subversion-javahl is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165013
          • comment: subversion-javahl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258008
        • AND
          • comment: mod_dav_svn is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165015
          • comment: mod_dav_svn is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258006
        • AND
          • comment: subversion is earlier than 0:1.6.11-12.el6_6
            oval: oval:com.redhat.rhsa:tst:20150165017
          • comment: subversion is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110258010
    rhsa
    id: RHSA-2015:0165
    released: 2015-02-10
    severity: Moderate
    title: RHSA-2015:0165: subversion security update (Moderate)
  • rhsa
    id: RHSA-2015:0166
rpms
  • mod_dav_svn-0:1.6.11-12.el6_6
  • subversion-0:1.6.11-12.el6_6
  • subversion-debuginfo-0:1.6.11-12.el6_6
  • subversion-devel-0:1.6.11-12.el6_6
  • subversion-gnome-0:1.6.11-12.el6_6
  • subversion-javahl-0:1.6.11-12.el6_6
  • subversion-kde-0:1.6.11-12.el6_6
  • subversion-perl-0:1.6.11-12.el6_6
  • subversion-ruby-0:1.6.11-12.el6_6
  • subversion-svn2cl-0:1.6.11-12.el6_6
  • mod_dav_svn-0:1.7.14-7.el7_0
  • subversion-0:1.7.14-7.el7_0
  • subversion-debuginfo-0:1.7.14-7.el7_0
  • subversion-devel-0:1.7.14-7.el7_0
  • subversion-gnome-0:1.7.14-7.el7_0
  • subversion-javahl-0:1.7.14-7.el7_0
  • subversion-kde-0:1.7.14-7.el7_0
  • subversion-libs-0:1.7.14-7.el7_0
  • subversion-perl-0:1.7.14-7.el7_0
  • subversion-python-0:1.7.14-7.el7_0
  • subversion-ruby-0:1.7.14-7.el7_0
  • subversion-tools-0:1.7.14-7.el7_0