Executive Summary
Summary | |
---|---|
Title | subversion security update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0258 | First vendor Publication | 2011-02-15 |
Vendor | RedHat | Last vendor Modification | 2011-02-15 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to "short_circuit", certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to "On" by default. (CVE-2010-3315) A server-side memory leak was found in the Subversion server. If a malicious, remote user performed "svn blame" or "svn log" operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 640317 - CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository 667407 - CVE-2010-4539 Subversion (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser 667763 - CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0258.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-399 | Resource Management Errors |
33 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11774 | |||
Oval ID: | oval:org.mitre.oval:def:11774 | ||
Title: | DSA-2118-1 subversion -- logic flaw | ||
Description: | Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to "short_circuit" set this may enable an unprivileged attacker to bypass intended access restrictions and disclose or modify repository content. As a workaround it is also possible to set SVNPathAuthz to "on" but be advised that this can result in a performance decrease for large repositories. For the stable distribution, this problem has been fixed in version 1.5.1dfsg1-5. For the testing distribution, this problem has been fixed in version 1.6.12dfsg-2. For the unstable distribution, this problem has been fixed in version 1.6.12dfsg-2. We recommend that you upgrade your samba packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2118-1 CVE-2010-3315 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | subversion |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19007 | |||
Oval ID: | oval:org.mitre.oval:def:19007 | ||
Title: | Apache Subversion vulnerability 1.5.x before 1.5.8 and 1.6.x before 1.6.13 in VisualSVN Server (CVE-2010-3315) | ||
Description: | authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3315 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21915 | |||
Oval ID: | oval:org.mitre.oval:def:21915 | ||
Title: | RHSA-2011:0257: subversion security update (Moderate) | ||
Description: | Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0257-01 CESA-2011:0257 CVE-2010-4539 CVE-2010-4644 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | subversion |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23029 | |||
Oval ID: | oval:org.mitre.oval:def:23029 | ||
Title: | ELSA-2011:0257: subversion security update (Moderate) | ||
Description: | Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0257-01 CVE-2010-4539 CVE-2010-4644 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | subversion |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27213 | |||
Oval ID: | oval:org.mitre.oval:def:27213 | ||
Title: | DEPRECATED: ELSA-2011-0257 -- subversion security update (moderate) | ||
Description: | [1.6.11-7.1] - add security fixes for CVE-2010-4644, CVE-2010-4539 (#672676) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0257 CVE-2010-4539 CVE-2010-4644 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | subversion |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for mod_dav_svn CESA-2011:0257 centos5 x86_64 File : nvt/gb_CESA-2011_0257_mod_dav_svn_centos5_x86_64.nasl |
2012-06-05 | Name : RedHat Update for subversion RHSA-2011:0258-01 File : nvt/gb_RHSA-2011_0258-01_subversion.nasl |
2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
2011-08-09 | Name : CentOS Update for mod_dav_svn CESA-2011:0257 centos5 i386 File : nvt/gb_CESA-2011_0257_mod_dav_svn_centos5_i386.nasl |
2011-02-18 | Name : RedHat Update for subversion RHSA-2011:0257-01 File : nvt/gb_RHSA-2011_0257-01_subversion.nasl |
2011-02-04 | Name : Ubuntu Update for subversion vulnerabilities USN-1053-1 File : nvt/gb_ubuntu_USN_1053_1.nasl |
2011-01-24 | Name : FreeBSD Ports: subversion File : nvt/freebsd_subversion2.nasl |
2011-01-21 | Name : Fedora Update for subversion FEDORA-2011-0099 File : nvt/gb_fedora_2011_0099_subversion_fc14.nasl |
2011-01-21 | Name : Mandriva Update for subversion MDVSA-2011:006 (subversion) File : nvt/gb_mandriva_MDVSA_2011_006.nasl |
2010-12-02 | Name : Fedora Update for subversion FEDORA-2010-16148 File : nvt/gb_fedora_2010_16148_subversion_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2118-1 (subversion) File : nvt/deb_2118_1.nasl |
2010-11-04 | Name : Fedora Update for subversion FEDORA-2010-16115 File : nvt/gb_fedora_2010_16115_subversion_fc12.nasl |
2010-11-04 | Name : Fedora Update for subversion FEDORA-2010-16136 File : nvt/gb_fedora_2010_16136_subversion_fc13.nasl |
2010-10-19 | Name : Mandriva Update for subversion MDVSA-2010:199 (subversion) File : nvt/gb_mandriva_MDVSA_2010_199.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70333 | Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS Apache Subversion contains a flaw that may allow a remote denial of service. The issue is triggered when multiple memory leaks in 'rev_hunt.c' occur, allowing a remote authenticated attacker to cause a denial of service by memory consumption via the -g option to the blame command. |
70332 | Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNPare... Apache Subversion contains a flaw that may allow a remote denial of service. The issue is triggered when the 'walk' function in 'repos.c' in the 'mod_dav_svn' module allows a remote, authenticated attacker to cause a NULL pointer dereference denial of service via vectors that trigger the walking of SVNParentPath collections. |
68328 | Subversion mod_dav_svn Module authz.c svn Command Access Restriction Bypass Subversion contains a flaw related to 'authz.c' in the 'mod_dav_svn' module. The issue is triggered when SVNPathAuthz short_circuit is enabled and fails to properly handle a named repository as a rule scope. This may allow a remote authenticated attacker to use svn commands to bypass intended access restrictions and gain access to a restricted part of the repository. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libsvn_auth_gnome_keyring-1-0-110119.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libsvn_auth_gnome_keyring-1-0-101029.nasl - Type : ACT_GATHER_INFO |
2013-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-11.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0258.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0257.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110215_subversion_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110215_subversion_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libsvn_auth_gnome_keyring-1-0-110119.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libsvn_auth_gnome_keyring-1-0-101028.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libsvn_auth_gnome_keyring-1-0-101029.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0257.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO |
2011-03-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cvs2svn-7319.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0257.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0258.nasl - Type : ACT_GATHER_INFO |
2011-02-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1053-1.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-006.nasl - Type : ACT_GATHER_INFO |
2011-01-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0099.nasl - Type : ACT_GATHER_INFO |
2011-01-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_716120991e9311e0a587001b77d09812.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16136.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16148.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16115.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-199.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2118.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:20 |
|