CVE-2016-2167 - Improper Access Control vulnerability in Apache Subversion

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE
Tags: network, high complexity, apache, CWE-284, nessus

Summary

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

Vulnerable Configurations

Part         Description  Count
Application  Apache       156

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-20CC04AC50.NASL
    description: - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage (rhbz 1171757 1199761) - Disable make check to work around FTBFS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-05-12
    plugin id: 91059
    published: 2016-05-12
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91059
    title: Fedora 24 : subversion-1.9.4-1.fc24 (2016-20cc04ac50)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-20cc04ac50.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91059);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-2167", "CVE-2016-2168");
      script_xref(name:"FEDORA", value:"2016-20cc04ac50");
    
      script_name(english:"Fedora 24 : subversion-1.9.4-1.fc24 (2016-20cc04ac50)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168 -
        Move tools in docs to tools subpackage (rhbz 1171757
        1199761) - Disable make check to work around FTBFS
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1171757"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1199761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1331222"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1331687"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0d62a72a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected subversion package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"subversion-1.9.4-1.fc24")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "subversion");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-571.NASL
    description: This update for subversion fixes the following issues : - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The following non-security bugs were fixed : - mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (boo#977424)
    last seen: 2020-06-05
    modified: 2016-05-09
    plugin id: 90983
    published: 2016-05-09
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90983
    title: openSUSE Security Update : subversion (openSUSE-2016-571)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-571.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90983);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-2167", "CVE-2016-2168");
    
      script_name(english:"openSUSE Security Update : subversion (openSUSE-2016-571)");
      script_summary(english:"Check for the openSUSE-2016-571 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for subversion fixes the following issues :
    
      - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY
        authorization check (bsc#976849)
    
      - CVE-2016-2168: svnserve/sasl may authenticate users
        using the wrong realm (bsc#976850)
    
    The following non-security bugs were fixed :
    
      - mod_authz_svn: fix authz with
        mod_auth_kerb/mod_auth_ntlm (boo#977424)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=976849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=976850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977424"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected subversion packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-ctypes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_gnome_keyring-1-0-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_kwallet-1-0-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libsvn_auth_kwallet-1-0-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-bash-completion-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-debugsource-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-devel-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-perl-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-perl-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-ctypes-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-python-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-ruby-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-ruby-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-server-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-server-debuginfo-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-tools-1.8.16-2.26.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"subversion-tools-debuginfo-1.8.16-2.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsvn_auth_gnome_keyring-1-0 / etc");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2504.NASL
    description: According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion
    last seen: 2020-05-08
    modified: 2019-12-04
    plugin id: 131657
    published: 2019-12-04
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131657
    title: EulerOS 2.0 SP2 : subversion (EulerOS-SA-2019-2504)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2016-709.NASL
    description: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167) The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. (CVE-2016-2168)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91468
    published: 2016-06-06
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91468
    title: Amazon Linux AMI : subversion (ALAS-2016-709)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3388-1.NASL
    description: Joern Schneeweisz discovered that Subversion did not properly handle host names in
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102424
    published: 2017-08-11
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102424
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : subversion vulnerabilities (USN-3388-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201610-05.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201610-05 (Subversion, Serf: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93992
    published: 2016-10-12
    reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/93992
    title: GLSA-201610-05 : Subversion, Serf: Multiple Vulnerabilities
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2669.NASL
    description: According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion
    last seen: 2020-05-08
    modified: 2019-12-18
    plugin id: 132204
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132204
    title: EulerOS 2.0 SP3 : subversion (EulerOS-SA-2019-2669)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3561.NASL
    description: Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2167 Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially allowing a user to authenticate using the wrong realm. - CVE-2016-2168 Ivan Zhakov of VisualSVN discovered a remotely triggerable denial of service vulnerability in the mod_authz_svn module during COPY or MOVE authorization check. An authenticated remote attacker could take advantage of this flaw to cause a denial of service (Subversion server crash) via COPY or MOVE requests with specially crafted header.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90808
    published: 2016-05-02
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90808
    title: Debian DSA-3561-1 : subversion - security update
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0013.NASL
    description: An update of [ subversion, libtasn1, unzip, dhcp ] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111847
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111847
    title: Photon OS 1.0: Dhcp / Libtasn1 / Subversion / Unzip PHSA-2016-0013 (deprecated)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2016-0013_SUBVERSION.NASL
    description: An update of the subversion package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121656
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121656
    title: Photon OS 1.0: Subversion PHSA-2016-0013
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-570.NASL
    description: This update for subversion fixes the following issues : - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The following non-security bugs were fixed : - bsc#969159: subversion dependencies did not enforce matching password store - bsc#911620: svnserve could not be started via YaST Service manager This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2016-05-09
    plugin id: 90982
    published: 2016-05-09
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90982
    title: openSUSE Security Update : subversion (openSUSE-2016-570)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2016-121-01.NASL
    description: New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90802
    published: 2016-05-02
    reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/90802
    title: Slackware 14.0 / 14.1 / current : subversion (SSA:2016-121-01)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-E024B3E02B.NASL
    description: - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage (rhbz 1171757 1199761) - Disable make check to work around FTBFS Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-14
    plugin id: 92183
    published: 2016-07-14
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92183
    title: Fedora 23 : subversion (2016-e024b3e02b)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2550.NASL
    description: According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.(CVE-2015-5343) - The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.(CVE-2016-2167) - The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.(CVE-2016-2168) - Apache Subversion
    last seen: 2020-05-08
    modified: 2019-12-09
    plugin id: 131824
    published: 2019-12-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131824
    title: EulerOS 2.0 SP5 : subversion (EulerOS-SA-2019-2550)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2016-710.NASL
    description: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167) The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. (CVE-2016-2168)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91469
    published: 2016-06-06
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91469
    title: Amazon Linux AMI : mod_dav_svn (ALAS-2016-710)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_C8174B630D3A11E6B06ED43D7EED0CE2.NASL
    description: Subversion project reports : svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string. Subversion
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90780
    published: 2016-04-29
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90780
    title: FreeBSD : subversion -- multiple vulnerabilities (c8174b63-0d3a-11e6-b06e-d43d7eed0ce2)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-448.NASL
    description: CVE-2016-2167 svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string. CVE-2016-2168 Subversion
    last seen: 2020-03-17
    modified: 2016-05-02
    plugin id: 90805
    published: 2016-05-02
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90805
    title: Debian DLA-448-1 : subversion security update

References