VuXML ID | Description |
2ae24334-f2e6-11e2-8346-001e8c75030d | subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.
Subversion Project reports:
Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion
on some requests made against a revision root. This can lead to a DoS.
If assertions are disabled it will trigger a read overflow which may cause a
SEGFAULT (or equivalent) or undefined behavior.
Commit access is required to exploit this.
Discovery 2013-07-19, Entry 2013-07-24, Modified 2013-07-25
subversion >= 1.8.0, < 1.8.1
subversion >= 1.7.0, < 1.7.11
CVE-2013-4131
http://subversion.apache.org/security/CVE-2013-4131-advisory.txt
|
f8a913cc-1322-11e3-8ffa-20cf30e32f6d | svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.
Subversion Project reports:
svnserve takes a --pid-file option which creates a file containing the
process id it is running as. It does not take steps to ensure that the file
it has been directed at is not a symlink. If the pid file is in a directory
writeable by unprivileged users, the destination could be replaced by a
symlink allowing for privilege escalation. svnserve does not create a pid
file by default.
All versions are only vulnerable when the --pid-file=ARG option is used.
Discovery 2013-08-30, Entry 2013-09-02
subversion >= 1.4.0, < 1.6.23_2
subversion >= 1.7.0, < 1.7.13
subversion >= 1.8.0, < 1.8.3
CVE-2013-4277
http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
|
e3244a7b-5603-11e3-878d-20cf30e32f6d | subversion -- multiple vulnerabilities
Subversion Project reports:
mod_dontdothat does not restrict requests from serf based clients
mod_dontdothat allows you to block update REPORT requests against certain
paths in the repository. It expects the paths in the REPORT request
to be absolute URLs. Serf based clients send relative URLs instead
of absolute URLs in many cases. As a result these clients are not blocked
as configured by mod_dontdothat.
mod_dav_svn assertion triggered by non-canonical URLs in autoversioning commits
When SVNAutoversioning is enabled via SVNAutoversioning on
commits can be made by single HTTP requests such as MKCOL and
PUT. If Subversion is built with assertions enabled any such
requests that have non-canonical URLs, such as URLs with a
trailing /, may trigger an assert. An assert will cause the
Apache process to abort.
Discovery 2013-11-15, Entry 2013-11-25
subversion >= 1.4.0, < 1.7.14
subversion >= 1.8.0, < 1.8.5
CVE-2013-4505
CVE-2013-4558
http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
|
ce502902-ca39-11e2-9673-001e8c75030d | devel/subversion -- svnserve remotely triggerable DoS
Subversion team reports:
Subversion's svnserve server process may exit when an incoming TCP connection
is closed early in the connection process.
Discovery 2013-05-31, Entry 2013-05-31
subversion >= 1.7.0, < 1.7.10
subversion >= 1.0.0, < 1.6.23
CVE-2013-2112
|
6d0bf320-ca39-11e2-9673-001e8c75030d | devel/subversion -- contrib hook-scripts can allow arbitrary code execution
Subversion team reports:
The script contrib/hook-scripts/check-mime-type.pl does not escape
argv arguments to 'svnlook' that start with a hyphen. This could be
used to cause 'svnlook', and hence check-mime-type.pl, to error out.
The script contrib/hook-scripts/svn-keyword-check.pl parses filenames
from the output of 'svnlook changed' and passes them to a further
shell command (equivalent to the 'system()' call of the C standard
library) without escaping them. This could be used to run arbitrary
shell commands in the context of the user whom the pre-commit script
runs as (the user who owns the repository).
Discovery 2013-05-31, Entry 2013-05-31
subversion >= 1.7.0, < 1.7.10
subversion >= 1.2.0, < 1.6.23
CVE-2013-2088
|
787d21b9-ca38-11e2-9673-001e8c75030d | devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames
Subversion team reports:
If a filename which contains a newline character (ASCII 0x0a) is
committed to a repository using the FSFS format, the resulting
revision is corrupt.
Discovery 2013-05-31, Entry 2013-05-31
subversion >= 1.7.0, < 1.7.10
subversion >= 1.1.0, < 1.6.23
CVE-2013-1968
|