ID: CVE-2016-2168
Type: cve
Reporter: cve@mitre.org
Modified: 2020-10-20T22:15:00
Description
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html)
{"archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "- CVE-2016-2167 (authentication restriction bypass)\n\nThe canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus\nSASL authentication is used, allows remote attackers to authenticate\nand bypass intended access restrictions via a realm string that is a\nprefix of an expected repository realm string.\n\n- CVE-2016-2168 (denial of service)\n\nThe req_check_access function in the mod_authz_svn module in the httpd\nserver allows remote authenticated users to cause a denial of service\n(NULL pointer dereference and crash) via a crafted header in a (1) MOVE\nor (2) COPY request, involving an authorization check.", "modified": "2016-06-08T00:00:00", "published": "2016-06-08T00:00:00", "id": "ASA-201606-6", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html", "type": "archlinux", "title": "subversion: multiple issues", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "**Issue Overview:**\n\nThe canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. ([CVE-2016-2167 __](<https://access.redhat.com/security/cve/CVE-2016-2167>))\n\nThe req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. 
([CVE-2016-2168 __](<https://access.redhat.com/security/cve/CVE-2016-2168>))\n\n \n**Affected Packages:** \n\n\nmod_dav_svn\n\n \n**Issue Correction:** \nRun _yum update mod_dav_svn_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod_dav_svn-debuginfo-1.9.4-2.52.amzn1.i686 \n mod_dav_svn-1.9.4-2.52.amzn1.i686 \n \n src: \n mod_dav_svn-1.9.4-2.52.amzn1.src \n \n x86_64: \n mod_dav_svn-1.9.4-2.52.amzn1.x86_64 \n mod_dav_svn-debuginfo-1.9.4-2.52.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2016-06-02T18:09:00", "published": "2016-06-02T18:09:00", "id": "ALAS-2016-710", "href": "https://alas.aws.amazon.com/ALAS-2016-710.html", "title": "Medium: mod_dav_svn", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "**Issue Overview:**\n\nThe canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. ([CVE-2016-2167 __](<https://access.redhat.com/security/cve/CVE-2016-2167>))\n\nThe req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. ([CVE-2016-2168 __](<https://access.redhat.com/security/cve/CVE-2016-2168>))\n\n \n**Affected Packages:** \n\n\nsubversion\n\n \n**Issue Correction:** \nRun _yum update subversion_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n subversion-perl-1.9.4-2.54.amzn1.i686 \n subversion-1.9.4-2.54.amzn1.i686 \n subversion-javahl-1.9.4-2.54.amzn1.i686 \n subversion-devel-1.9.4-2.54.amzn1.i686 \n subversion-python26-1.9.4-2.54.amzn1.i686 \n subversion-tools-1.9.4-2.54.amzn1.i686 \n subversion-ruby-1.9.4-2.54.amzn1.i686 \n subversion-debuginfo-1.9.4-2.54.amzn1.i686 \n mod24_dav_svn-1.9.4-2.54.amzn1.i686 \n subversion-python27-1.9.4-2.54.amzn1.i686 \n subversion-libs-1.9.4-2.54.amzn1.i686 \n \n src: \n subversion-1.9.4-2.54.amzn1.src \n \n x86_64: \n subversion-python27-1.9.4-2.54.amzn1.x86_64 \n subversion-ruby-1.9.4-2.54.amzn1.x86_64 \n subversion-tools-1.9.4-2.54.amzn1.x86_64 \n subversion-debuginfo-1.9.4-2.54.amzn1.x86_64 \n subversion-1.9.4-2.54.amzn1.x86_64 \n subversion-perl-1.9.4-2.54.amzn1.x86_64 \n subversion-javahl-1.9.4-2.54.amzn1.x86_64 \n subversion-devel-1.9.4-2.54.amzn1.x86_64 \n subversion-libs-1.9.4-2.54.amzn1.x86_64 \n subversion-python26-1.9.4-2.54.amzn1.x86_64 \n mod24_dav_svn-1.9.4-2.54.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2016-06-02T18:08:00", "published": "2016-06-02T18:08:00", "id": "ALAS-2016-709", "href": "https://alas.aws.amazon.com/ALAS-2016-709.html", "title": "Medium: subversion", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2167", "CVE-2016-2168"], "description": "New subversion packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/subversion-1.7.22-i486-2_slack14.1.txz: Rebuilt.\n This update patches two security issues:\n CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.\n CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn\n during COPY/MOVE authorization check.\n For more information, see:\n 
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt\n http://subversion.apache.org/security/CVE-2016-2168-advisory.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/subversion-1.7.22-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/subversion-1.7.22-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/subversion-1.7.22-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/subversion-1.7.22-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/subversion-1.9.4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/subversion-1.9.4-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n5f59cf151153f86cd61f2c2219a81f80 subversion-1.7.22-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n93712ed45e78c515c40162b85021278d subversion-1.7.22-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\nb9e7c9e0cd91fc47e0e5e7ed858253b7 subversion-1.7.22-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\naf62bdf7009eb35f99d44a9dfc2214cc subversion-1.7.22-x86_64-2_slack14.1.txz\n\nSlackware -current package:\n28b16d0ab7a43837bfce9f4c8d1b3d67 
d/subversion-1.9.4-i586-1.txz\n\nSlackware x86_64 -current package:\n91c1f0d9733150b4ad7e51efd33c4634 d/subversion-1.9.4-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg subversion-1.7.22-i486-2_slack14.1.txz", "modified": "2016-04-30T20:34:18", "published": "2016-04-30T20:34:18", "id": "SSA-2016-121-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.417496", "type": "slackware", "title": "[slackware-security] subversion", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2020-03-17T22:56:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120698", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-709)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120698\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:11 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-709)\");\n script_tag(name:\"insight\", value:\"The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167 )The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. 
(CVE-2016-2168 )\");\n script_tag(name:\"solution\", value:\"Run yum update subversion to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-709.html\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-javahl\", rpm:\"subversion-javahl~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-python26\", rpm:\"subversion-python26~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"subversion-ruby\", rpm:\"subversion-ruby~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-debuginfo\", rpm:\"subversion-debuginfo~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"svn\", rpm:\"svn~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-python27\", rpm:\"subversion-python27~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-libs\", rpm:\"subversion-libs~1.9.4~2.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-11T00:00:00", "id": "OPENVAS:1361412562310808025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808025", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2016-20", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2016-20\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808025\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:22:45 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for subversion FEDORA-2016-20\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'subversion'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"subversion on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-20\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.9.4~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "Several vulnerabilities were discovered\nin Subversion, a version control system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2016-2167\nDaniel Shahaf and James McCoy discovered that an implementation\nerror in the authentication against the Cyrus SASL library would\npermit a remote user to specify a realm string which is a prefix of\nthe expected realm string and potentially allowing a user to\nauthenticate using the wrong realm.\n\nCVE-2016-2168\nIvan Zhakov of VisualSVN discovered a remotely triggerable denial\nof service vulnerability in the mod_authz_svn module during COPY or\nMOVE authorization check. 
An authenticated remote attacker could\ntake advantage of this flaw to cause a denial of service\n(Subversion server crash) via COPY or MOVE requests with specially\ncrafted header.", "modified": "2019-03-18T00:00:00", "published": "2016-04-29T00:00:00", "id": "OPENVAS:1361412562310703561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703561", "type": "openvas", "title": "Debian Security Advisory DSA 3561-1 (subversion - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3561.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3561-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703561\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_name(\"Debian Security Advisory DSA 3561-1 (subversion - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-29 00:00:00 +0200 (Fri, 29 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3561.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"subversion on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1.8.10-6+deb8u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.4-1.\n\nWe recommend that you upgrade your subversion packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin Subversion, a version control system. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2016-2167\nDaniel Shahaf and James McCoy discovered that an implementation\nerror in the authentication against the Cyrus SASL library would\npermit a remote user to specify a realm string which is a prefix of\nthe expected realm string and potentially allowing a user to\nauthenticate using the wrong realm.\n\nCVE-2016-2168\nIvan Zhakov of VisualSVN discovered a remotely triggerable denial\nof service vulnerability in the mod_authz_svn module during COPY or\nMOVE authorization check. An authenticated remote attacker could\ntake advantage of this flaw to cause a denial of service\n(Subversion server crash) via COPY or MOVE requests with specially\ncrafted header.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-svn\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn1:amd64\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsvn1:i386\", ver:\"1.8.10-6+deb8u4\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-svn:amd64\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby-svn:i386\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"subversion\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"subversion-dbg\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.8.10-6+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T22:56:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120699", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120699", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-710)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120699\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:11 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-710)\");\n script_tag(name:\"insight\", value:\"The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. (CVE-2016-2167 )The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. 
(CVE-2016-2168 )\");\n script_tag(name:\"solution\", value:\"Run yum update mod_dav_svn to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-710.html\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"svn-debuginfo\", rpm:\"svn-debuginfo~1.9.4~2.52.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"svn\", rpm:\"svn~1.9.4~2.52.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2017-07-24T12:55:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "Several vulnerabilities were discovered\nin Subversion, a version control system. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2016-2167 \nDaniel Shahaf and James McCoy discovered that an implementation\nerror in the authentication against the Cyrus SASL library would\npermit a remote user to specify a realm string which is a prefix of\nthe expected realm string and potentially allowing a user to\nauthenticate using the wrong realm.\n\nCVE-2016-2168 \nIvan Zhakov of VisualSVN discovered a remotely triggerable denial\nof service vulnerability in the mod_authz_svn module during COPY or\nMOVE authorization check. An authenticated remote attacker could\ntake advantage of this flaw to cause a denial of service\n(Subversion server crash) via COPY or MOVE requests with specially\ncrafted header.", "modified": "2017-07-07T00:00:00", "published": "2016-04-29T00:00:00", "id": "OPENVAS:703561", "href": "http://plugins.openvas.org/nasl.php?oid=703561", "type": "openvas", "title": "Debian Security Advisory DSA 3561-1 (subversion - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3561.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3561-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703561);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_name(\"Debian Security Advisory DSA 3561-1 (subversion - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-04-29 00:00:00 +0200 (Fri, 29 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3561.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"subversion on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Subversion, also known as svn,\nis a centralised version control system. Version control systems allow many\nindividuals (who may be distributed geographically) to collaborate on a set of\nfiles (source code, websites, etc). 
Subversion began with a CVS paradigm and\nsupports all the major features of CVS, but has evolved to support\nmany features that CVS users often wish they had.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1.8.10-6+deb8u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.4-1.\n\nWe recommend that you upgrade your subversion packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin Subversion, a version control system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2016-2167 \nDaniel Shahaf and James McCoy discovered that an implementation\nerror in the authentication against the Cyrus SASL library would\npermit a remote user to specify a realm string which is a prefix of\nthe expected realm string and potentially allowing a user to\nauthenticate using the wrong realm.\n\nCVE-2016-2168 \nIvan Zhakov of VisualSVN discovered a remotely triggerable denial\nof service vulnerability in the mod_authz_svn module during COPY or\nMOVE authorization check. 
An authenticated remote attacker could\ntake advantage of this flaw to cause a denial of service\n(Subversion server crash) via COPY or MOVE requests with specially\ncrafted header.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-svn\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-svn\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-dev\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-doc\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-java\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-perl\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn-ruby1.8\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn1:amd64\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsvn1:i386\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-subversion\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-svn:amd64\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-svn:i386\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = 
isdpkgvuln(pkg:\"subversion\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion-dbg\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"subversion-tools\", ver:\"1.8.10-6+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "Mageia Linux Local Security Checks mgasa-2016-0161", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131291", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0161.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131291\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:17:54 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0161\");\n script_tag(name:\"insight\", value:\"Updated subversion packages fix security vulnerabilities: Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially allowing a user to authenticate using the wrong realm (CVE-2016-2167). Ivan Zhakov of VisualSVN discovered a remotely triggerable denial of service vulnerability in the mod_authz_svn module during COPY or MOVE authorization check. 
An authenticated remote attacker could take advantage of this flaw to cause a denial of service (Subversion server crash) via COPY or MOVE requests with specially crafted header (CVE-2016-2168).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0161.html\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0161\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.8.16~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808373", "type": "openvas", "title": "Fedora Update for subversion FEDORA-2016-e024b3e02b", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for subversion FEDORA-2016-e024b3e02b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808373\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:47:02 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for subversion FEDORA-2016-e024b3e02b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'subversion'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"subversion on Fedora 
23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-e024b3e02b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KU6GUCBJZFZBNPS32NSO2WQIDNCHGC56\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.9.4~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "This host is installed with Apache Subversion\n and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-05-18T00:00:00", "id": "OPENVAS:1361412562310808106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808106", "type": "openvas", "title": "Apache Subversion Multiple Vulnerabilities-02 May16", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_subversion_mult_vuln02_may16.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Apache Subversion Multiple Vulnerabilities-02 May16\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:subversion\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808106\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-18 09:39:48 +0530 (Wed, 18 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Subversion Multiple Vulnerabilities-02 May16\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Subversion\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - A flaw that will cause a null pointer dereference and a segmentation fault\n with certain invalid request headers in server module 'mod_authz_svn'.\n\n - An error in the canonicalize_username function in 
svnserve/cyrus_auth.c,\n when Cyrus SASL authentication is used.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to cause a denial of service and to authenticate and bypass intended\n access restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache subversion version before 1.8.16 and\n 1.9.x before 1.9.4.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache subversion version 1.8.16,\n or 1.9.4, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://subversion.apache.org/security/CVE-2016-2167-advisory.txt\");\n script_xref(name:\"URL\", value:\"http://subversion.apache.org/security/CVE-2016-2168-advisory.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_subversion_remote_detect.nasl\");\n script_mandatory_keys(\"Subversion/installed\");\n script_require_ports(\"Services/www\", 3690);\n script_xref(name:\"URL\", value:\"https://subversion.apache.org\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!sub_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!subver = get_app_version(cpe:CPE, port:sub_port)){\n exit(0);\n}\n\nif(version_in_range(version:subver, test_version:\"1.9.0\", test_version2:\"1.9.3\"))\n{\n fix = \"1.9.4\";\n VULN = TRUE;\n}\n\nelse if(version_in_range(version:subver, test_version:\"1.0.0\", test_version2:\"1.8.15\"))\n{\n fix = \"1.8.16\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:subver, fixed_version:fix);\n security_message(data:report, port:sub_port);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:37:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167", "CVE-2015-5343", "CVE-2016-8734"], "description": "The remote host is 
missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192550", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2550)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2550\");\n script_version(\"2020-01-23T13:05:11+0000\");\n script_cve_id(\"CVE-2015-5343\", \"CVE-2016-2167\", \"CVE-2016-2168\", \"CVE-2016-8734\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:05:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:05:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2550)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2550\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2550\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'subversion' package(s) announced via the EulerOS-SA-2019-2550 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) 
and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.(CVE-2015-5343)\n\nThe canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.(CVE-2016-2167)\n\nThe req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.(CVE-2016-2168)\n\nApache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. 
The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.(CVE-2016-8734)\");\n\n script_tag(name:\"affected\", value:\"'subversion' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.7.14~14.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.7.14~14.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-libs\", rpm:\"subversion-libs~1.7.14~14.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-01-27T18:39:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167", "CVE-2015-5343", "CVE-2016-8734"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192669", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192669", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2669)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2669\");\n script_version(\"2020-01-23T13:13:16+0000\");\n script_cve_id(\"CVE-2015-5343\", \"CVE-2016-2167\", \"CVE-2016-2168\", \"CVE-2016-8734\");\n script_tag(name:\"cvss_base\", value:\"8.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:13:16 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:13:16 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2019-2669)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2669\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2669\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei 
EulerOS\n 'subversion' package(s) announced via the EulerOS-SA-2019-2669 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.(CVE-2016-8734)\n\nInteger overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.(CVE-2015-5343)\n\nThe canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.(CVE-2016-2167)\n\nThe req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.(CVE-2016-2168)\");\n\n script_tag(name:\"affected\", value:\"'subversion' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_dav_svn\", rpm:\"mod_dav_svn~1.7.14~11.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.7.14~11.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"subversion-libs\", rpm:\"subversion-libs~1.7.14~11.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:C"}}], "nessus": [{"lastseen": "2021-01-01T01:19:21", "description": "The canonicalize_username function in svnserve/cyrus_auth.c in Apache\nSubversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL\nauthentication is used, allows remote attackers to authenticate and\nbypass intended access restrictions via a realm string that is a\nprefix of an expected repository realm string. (CVE-2016-2167)\n\nThe req_check_access function in the mod_authz_svn module in the httpd\nserver in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4\nallows remote authenticated users to cause a denial of service (NULL\npointer dereference and crash) via a crafted header in a (1) MOVE or\n(2) COPY request, involving an authorization check. 
(CVE-2016-2168)", "edition": 24, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-06-06T00:00:00", "title": "Amazon Linux AMI : subversion (ALAS-2016-709)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion-devel", "p-cpe:/a:amazon:linux:subversion-libs", "p-cpe:/a:amazon:linux:subversion-python26", "p-cpe:/a:amazon:linux:subversion-perl", "p-cpe:/a:amazon:linux:subversion-ruby", "p-cpe:/a:amazon:linux:subversion", "p-cpe:/a:amazon:linux:subversion-javahl", "p-cpe:/a:amazon:linux:mod24_dav_svn", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:subversion-python27", "p-cpe:/a:amazon:linux:subversion-tools"], "id": "ALA_ALAS-2016-709.NASL", "href": "https://www.tenable.com/plugins/nessus/91468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-709.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91468);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_xref(name:\"ALAS\", value:\"2016-709\");\n\n script_name(english:\"Amazon Linux AMI : subversion (ALAS-2016-709)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The canonicalize_username function in svnserve/cyrus_auth.c in Apache\nSubversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL\nauthentication is used, allows remote attackers to authenticate and\nbypass intended access restrictions via a realm string that is a\nprefix of an 
expected repository realm string. (CVE-2016-2167)\n\nThe req_check_access function in the mod_authz_svn module in the httpd\nserver in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4\nallows remote authenticated users to cause a denial of service (NULL\npointer dereference and crash) via a crafted header in a (1) MOVE or\n(2) COPY request, involving an authorization check. (CVE-2016-2168)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-709.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update subversion' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mod24_dav_svn-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-debuginfo-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-devel-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-javahl-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-libs-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-perl-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-python26-1.9.4-2.54.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-python27-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-ruby-1.9.4-2.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"subversion-tools-1.9.4-2.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod24_dav_svn / subversion / subversion-debuginfo / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T01:19:21", "description": "The canonicalize_username function in svnserve/cyrus_auth.c in Apache\nSubversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL\nauthentication is used, allows remote attackers to authenticate and\nbypass intended access restrictions via a realm string that is a\nprefix of an expected repository realm string. (CVE-2016-2167)\n\nThe req_check_access function in the mod_authz_svn module in the httpd\nserver in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4\nallows remote authenticated users to cause a denial of service (NULL\npointer dereference and crash) via a crafted header in a (1) MOVE or\n(2) COPY request, involving an authorization check. 
(CVE-2016-2168)", "edition": 24, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-06-06T00:00:00", "title": "Amazon Linux AMI : mod_dav_svn (ALAS-2016-710)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod_dav_svn", "p-cpe:/a:amazon:linux:mod_dav_svn-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-710.NASL", "href": "https://www.tenable.com/plugins/nessus/91469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-710.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91469);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_xref(name:\"ALAS\", value:\"2016-710\");\n\n script_name(english:\"Amazon Linux AMI : mod_dav_svn (ALAS-2016-710)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The canonicalize_username function in svnserve/cyrus_auth.c in Apache\nSubversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL\nauthentication is used, allows remote attackers to authenticate and\nbypass intended access restrictions via a realm string that is a\nprefix of an expected repository realm string. (CVE-2016-2167)\n\nThe req_check_access function in the mod_authz_svn module in the httpd\nserver in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4\nallows remote authenticated users to cause a denial of service (NULL\npointer dereference and crash) via a crafted header in a (1) MOVE or\n(2) COPY request, involving an authorization check. 
(CVE-2016-2168)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-710.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mod_dav_svn' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_dav_svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mod_dav_svn-1.9.4-2.52.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_dav_svn-debuginfo-1.9.4-2.52.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_dav_svn / mod_dav_svn-debuginfo\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T22:39:14", "description": "An update of the subversion package has been released.", "edition": 8, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Subversion PHSA-2016-0013", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:subversion", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2016-0013_SUBVERSION.NASL", "href": "https://www.tenable.com/plugins/nessus/121656", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2016-0013. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121656);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n\n script_name(english:\"Photon OS 1.0: Subversion PHSA-2016-0013\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the subversion package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-13.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2167\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"subversion-1.9.4-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"subversion-1.9.4-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"subversion-debuginfo-1.9.4-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"subversion-debuginfo-1.9.4-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"subversion-devel-1.9.4-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"subversion-devel-1.9.4-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-06T10:58:06", "description": "Subversion project 
reports :\n\nsvnserve, the svn:// protocol server, can optionally use the Cyrus\nSASL library for authentication, integrity protection, and encryption.\nDue to a programming oversight, authentication against Cyrus SASL\nwould permit the remote user to specify a realm string which is a\nprefix of the expected realm string.\n\nSubversion's httpd servers are vulnerable to a remotely triggerable\ncrash in the mod_authz_svn module. The crash can occur during an\nauthorization check for a COPY or MOVE request with a specially\ncrafted header value.\n\nThis allows remote attackers to cause a denial of service.", "edition": 26, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-04-29T00:00:00", "title": "FreeBSD : subversion -- multiple vulnerabilities (c8174b63-0d3a-11e6-b06e-d43d7eed0ce2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-04-29T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:subversion", "p-cpe:/a:freebsd:freebsd:subversion18"], "id": "FREEBSD_PKG_C8174B630D3A11E6B06ED43D7EED0CE2.NASL", "href": "https://www.tenable.com/plugins/nessus/90780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90780);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n\n script_name(english:\"FreeBSD : subversion -- multiple vulnerabilities (c8174b63-0d3a-11e6-b06e-d43d7eed0ce2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Subversion project reports :\n\nsvnserve, the svn:// protocol server, can optionally use the Cyrus\nSASL library for authentication, integrity protection, and encryption.\nDue to a programming 
oversight, authentication against Cyrus SASL\nwould permit the remote user to specify a realm string which is a\nprefix of the expected realm string.\n\nSubversion's httpd servers are vulnerable to a remotely triggerable\ncrash in the mod_authz_svn module. The crash can occur during an\nauthorization check for a COPY or MOVE request with a specially\ncrafted header value.\n\nThis allows remote attackers to cause a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://subversion.apache.org/security/CVE-2016-2167-advisory.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://subversion.apache.org/security/CVE-2016-2168-advisory.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/c8174b63-0d3a-11e6-b06e-d43d7eed0ce2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6288c90\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:subversion18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"subversion>=1.9.0<1.9.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"subversion>=1.0.0<1.8.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"subversion18>=1.0.0<1.8.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:25", "description": "This update for subversion fixes the following issues :\n\n - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY\n authorization check (bsc#976849)\n\n - CVE-2016-2168: svnserve/sasl may authenticate users\n using the wrong realm (bsc#976850)\n\nThe following non-security bugs were fixed :\n\n - bsc#969159: subversion dependencies did not enforce\n matching password store\n\n - bsc#911620: svnserve could not be started via YaST\n Service manager\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-05-09T00:00:00", "title": "openSUSE Security Update : subversion (openSUSE-2016-570)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-05-09T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:subversion-python", "p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0", "p-cpe:/a:novell:opensuse:subversion-tools-debuginfo", "p-cpe:/a:novell:opensuse:subversion-debugsource", "p-cpe:/a:novell:opensuse:subversion-tools", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:subversion", "p-cpe:/a:novell:opensuse:subversion-bash-completion", "p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0", "p-cpe:/a:novell:opensuse:subversion-ruby", "p-cpe:/a:novell:opensuse:subversion-devel", "p-cpe:/a:novell:opensuse:subversion-server-debuginfo", "p-cpe:/a:novell:opensuse:subversion-perl", "p-cpe:/a:novell:opensuse:subversion-server", "p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo", "p-cpe:/a:novell:opensuse:subversion-python-debuginfo", "p-cpe:/a:novell:opensuse:subversion-perl-debuginfo", "p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo", "p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo", "p-cpe:/a:novell:opensuse:subversion-debuginfo"], "id": "OPENSUSE-2016-570.NASL", "href": "https://www.tenable.com/plugins/nessus/90982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-570.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90982);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n\n script_name(english:\"openSUSE Security Update : subversion (openSUSE-2016-570)\");\n script_summary(english:\"Check for the openSUSE-2016-570 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This 
update for subversion fixes the following issues :\n\n - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY\n authorization check (bsc#976849)\n\n - CVE-2016-2168: svnserve/sasl may authenticate users\n using the wrong realm (bsc#976850)\n\nThe following non-security bugs were fixed :\n\n - bsc#969159: subversion dependencies did not enforce\n matching password store\n\n - bsc#911620: svnserve could not be started via YaST\n Service manager\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976850\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-bash-completion\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsvn_auth_gnome_keyring-1-0-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsvn_auth_kwallet-1-0-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsvn_auth_kwallet-1-0-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-bash-completion-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-debugsource-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-devel-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-perl-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-perl-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-python-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-python-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"subversion-ruby-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-ruby-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-server-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-server-debuginfo-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-tools-1.8.10-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"subversion-tools-debuginfo-1.8.10-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsvn_auth_gnome_keyring-1-0 / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T09:49:36", "description": "Several vulnerabilities were discovered in Subversion, a version\ncontrol system. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2016-2167\n Daniel Shahaf and James McCoy discovered that an\n implementation error in the authentication against the\n Cyrus SASL library would permit a remote user to specify\n a realm string which is a prefix of the expected realm\n string and potentially allowing a user to authenticate\n using the wrong realm.\n\n - CVE-2016-2168\n Ivan Zhakov of VisualSVN discovered a remotely\n triggerable denial of service vulnerability in the\n mod_authz_svn module during COPY or MOVE authorization\n check. 
An authenticated remote attacker could take\n advantage of this flaw to cause a denial of service\n (Subversion server crash) via COPY or MOVE requests with\n specially crafted header.", "edition": 24, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-05-02T00:00:00", "title": "Debian DSA-3561-1 : subversion - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-05-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:subversion", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3561.NASL", "href": "https://www.tenable.com/plugins/nessus/90808", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3561. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90808);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_xref(name:\"DSA\", value:\"3561\");\n\n script_name(english:\"Debian DSA-3561-1 : subversion - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Subversion, a version\ncontrol system. 
The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2016-2167\n Daniel Shahaf and James McCoy discovered that an\n implementation error in the authentication against the\n Cyrus SASL library would permit a remote user to specify\n a realm string which is a prefix of the expected realm\n string and potentially allowing a user to authenticate\n using the wrong realm.\n\n - CVE-2016-2168\n Ivan Zhakov of VisualSVN discovered a remotely\n triggerable denial of service vulnerability in the\n mod_authz_svn module during COPY or MOVE authorization\n check. An authenticated remote attacker could take\n advantage of this flaw to cause a denial of service\n (Subversion server crash) via COPY or MOVE requests with\n specially crafted header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/subversion\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3561\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the subversion packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.8.10-6+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-svn\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-svn\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsvn-dev\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsvn-doc\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsvn-java\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsvn-perl\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsvn-ruby1.8\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsvn1\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-subversion\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"ruby-svn\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"subversion\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"subversion-dbg\", reference:\"1.8.10-6+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"subversion-tools\", reference:\"1.8.10-6+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:53", "description": " - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168\n\n - Move tools in docs to tools subpackage (rhbz 1171757\n 1199761)\n\n - Disable make check to work around FTBFS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 23 : subversion (2016-e024b3e02b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:subversion", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-E024B3E02B.NASL", "href": "https://www.tenable.com/plugins/nessus/92183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-e024b3e02b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92183);\n script_version(\"1.5\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_xref(name:\"FEDORA\", value:\"2016-e024b3e02b\");\n\n script_name(english:\"Fedora 23 : subversion (2016-e024b3e02b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168\n\n - Move tools in docs to tools subpackage (rhbz 1171757\n 1199761)\n\n - Disable make check to work around FTBFS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e024b3e02b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"subversion-1.9.4-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:02", "description": " - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168 -\n Move tools in docs to tools subpackage (rhbz 1171757\n 1199761) - Disable make check to work around FTBFS\n\nNote that Tenable Network Security has extracted the preceding\ndescription 
block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-05-12T00:00:00", "title": "Fedora 24 : subversion-1.9.4-1.fc24 (2016-20cc04ac50)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:subversion", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-20CC04AC50.NASL", "href": "https://www.tenable.com/plugins/nessus/91059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-20cc04ac50.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91059);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n script_xref(name:\"FEDORA\", value:\"2016-20cc04ac50\");\n\n script_name(english:\"Fedora 24 : subversion-1.9.4-1.fc24 (2016-20cc04ac50)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168 -\n Move tools in docs to tools subpackage (rhbz 1171757\n 1199761) - Disable make check to work around FTBFS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1171757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1331687\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d62a72a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"subversion-1.9.4-1.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T09:43:46", "description": "CVE-2016-2167\n\nsvnserve, the svn:// protocol server, can optionally use the Cyrus\nSASL library for authentication, integrity protection, and encryption.\nDue to a programming oversight, authentication against Cyrus SASL\nwould permit the remote user to specify a realm string which is a\nprefix of the expected realm string.\n\nCVE-2016-2168\n\nSubversion's httpd servers are vulnerable to a remotely triggerable\ncrash in the mod_authz_svn module. 
The crash can occur during an\nauthorization check for a COPY or MOVE request with a specially\ncrafted header value.\n\nThis allows remote attackers to cause a denial of service.\n\n-- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy\n<jamessan@debian.org>\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-05-02T00:00:00", "title": "Debian DLA-448-1 : subversion security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-05-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:subversion", "p-cpe:/a:debian:debian_linux:libsvn-ruby", "p-cpe:/a:debian:debian_linux:libsvn-dev", "p-cpe:/a:debian:debian_linux:libsvn-perl", "p-cpe:/a:debian:debian_linux:python-subversion", "p-cpe:/a:debian:debian_linux:libapache2-svn", "p-cpe:/a:debian:debian_linux:libsvn-doc", "p-cpe:/a:debian:debian_linux:libsvn-java", "p-cpe:/a:debian:debian_linux:libsvn1", "p-cpe:/a:debian:debian_linux:libsvn-ruby1.8", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:subversion-tools"], "id": "DEBIAN_DLA-448.NASL", "href": "https://www.tenable.com/plugins/nessus/90805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-448-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90805);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n\n script_name(english:\"Debian DLA-448-1 : subversion security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-2167\n\nsvnserve, the svn:// protocol server, can optionally use the Cyrus\nSASL library for authentication, integrity protection, and encryption.\nDue to a programming oversight, authentication against Cyrus SASL\nwould permit the remote user to specify a realm string which is a\nprefix of the expected realm string.\n\nCVE-2016-2168\n\nSubversion's httpd servers are vulnerable to a remotely triggerable\ncrash in the mod_authz_svn module. The crash can occur during an\nauthorization check for a COPY or MOVE request with a specially\ncrafted header value.\n\nThis allows remote attackers to cause a denial of service.\n\n-- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy\n<jamessan@debian.org>\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/subversion\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-svn\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn-dev\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn-doc\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn-java\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn-perl\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn-ruby\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn-ruby1.8\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsvn1\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-subversion\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"subversion\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"subversion-tools\", reference:\"1.6.17dfsg-4+deb7u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:25", "description": "This update for subversion fixes the following issues :\n\n - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY\n authorization check (bsc#976849)\n\n - CVE-2016-2168: svnserve/sasl may authenticate users\n using the wrong realm (bsc#976850)\n\nThe following non-security bugs were fixed :\n\n - mod_authz_svn: fix authz with\n mod_auth_kerb/mod_auth_ntlm (boo#977424)", "edition": 18, "cvss3": {"score": 6.8, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-05-09T00:00:00", "title": "openSUSE Security Update : subversion (openSUSE-2016-571)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "modified": "2016-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:subversion-python", "p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0", "p-cpe:/a:novell:opensuse:subversion-tools-debuginfo", "p-cpe:/a:novell:opensuse:subversion-debugsource", "p-cpe:/a:novell:opensuse:subversion-tools", "p-cpe:/a:novell:opensuse:subversion-python-ctypes", "p-cpe:/a:novell:opensuse:subversion", "p-cpe:/a:novell:opensuse:subversion-bash-completion", "p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0", "p-cpe:/a:novell:opensuse:subversion-ruby", "p-cpe:/a:novell:opensuse:subversion-devel", "p-cpe:/a:novell:opensuse:subversion-server-debuginfo", "p-cpe:/a:novell:opensuse:subversion-perl", "p-cpe:/a:novell:opensuse:subversion-server", "p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo", "cpe:/o:novell:opensuse:13.2", 
"p-cpe:/a:novell:opensuse:subversion-python-debuginfo", "p-cpe:/a:novell:opensuse:subversion-perl-debuginfo", "p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo", "p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo", "p-cpe:/a:novell:opensuse:subversion-debuginfo"], "id": "OPENSUSE-2016-571.NASL", "href": "https://www.tenable.com/plugins/nessus/90983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-571.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90983);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2167\", \"CVE-2016-2168\");\n\n script_name(english:\"openSUSE Security Update : subversion (openSUSE-2016-571)\");\n script_summary(english:\"Check for the openSUSE-2016-571 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for subversion fixes the following issues :\n\n - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY\n authorization check (bsc#976849)\n\n - CVE-2016-2168: svnserve/sasl may authenticate users\n using the wrong realm (bsc#976850)\n\nThe following non-security bugs were fixed :\n\n - mod_authz_svn: fix authz with\n mod_auth_kerb/mod_auth_ntlm (boo#977424)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977424\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected subversion packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python-ctypes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-ruby\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:subversion-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsvn_auth_gnome_keyring-1-0-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsvn_auth_kwallet-1-0-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsvn_auth_kwallet-1-0-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-bash-completion-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-debugsource-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-devel-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-perl-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-perl-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-python-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-python-ctypes-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-python-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-ruby-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-ruby-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-server-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-server-debuginfo-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-tools-1.8.16-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"subversion-tools-debuginfo-1.8.16-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsvn_auth_gnome_keyring-1-0 / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:51:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "Package : subversion\nVersion : 1.6.17dfsg-4+deb7u11\nCVE ID : CVE-2016-2167 CVE-2016-2168\n\nCVE-2016-2167\n\n svnserve, the svn:// protocol server, can optionally use the Cyrus\n SASL library for authentication, integrity protection, and encryption.\n Due to a programming oversight, authentication against Cyrus SASL\n would permit the remote user to specify a realm string which is\n a prefix of the expected realm string.\n\n\nCVE-2016-2168\n\n Subversion's httpd servers are vulnerable to a remotely triggerable crash\n in the mod_authz_svn module. The crash can occur during an authorization\n check for a COPY or MOVE request with a specially crafted header value.\n\n This allows remote attackers to cause a denial of service.\n\n-- \nJames\nGPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan@debian.org>\n", "edition": 7, "modified": "2016-05-01T02:27:12", "published": "2016-05-01T02:27:12", "id": "DEBIAN:DLA-448-1:46817", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00000.html", "title": "[SECURITY] [DLA 448-1] subversion security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-08-12T00:52:05", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3561-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 29, 2016 https://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : subversion\nCVE ID : CVE-2016-2167 CVE-2016-2168\n\nSeveral vulnerabilities were discovered in Subversion, a version control\nsystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2016-2167\n\n Daniel Shahaf and James McCoy discovered that an implementation\n error in the authentication against the Cyrus SASL library would\n permit a remote user to specify a realm string which is a prefix of\n the expected realm string and potentially allowing a user to\n authenticate using the wrong realm.\n\nCVE-2016-2168\n\n Ivan Zhakov of VisualSVN discovered a remotely triggerable denial\n of service vulnerability in the mod_authz_svn module during COPY or\n MOVE authorization check. An authenticated remote attacker could\n take advantage of this flaw to cause a denial of service\n (Subversion server crash) via COPY or MOVE requests with specially\n crafted header.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.8.10-6+deb8u4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.4-1.\n\nWe recommend that you upgrade your subversion packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-04-29T13:04:37", "published": "2016-04-29T13:04:37", "id": "DEBIAN:DSA-3561-1:D3809", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00137.html", "title": "[SECURITY] [DSA 3561-1] subversion security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], 
"description": "\nSubversion project reports:\n\nsvnserve, the svn:// protocol server, can optionally use the Cyrus\n\t SASL library for authentication, integrity protection, and encryption.\n\t Due to a programming oversight, authentication against Cyrus SASL\n\t would permit the remote user to specify a realm string which is\n\t a prefix of the expected realm string.\n\n\nSubversion's httpd servers are vulnerable to a remotely triggerable crash\n\t in the mod_authz_svn module. The crash can occur during an authorization\n\t check for a COPY or MOVE request with a specially crafted header value.\nThis allows remote attackers to cause a denial of service.\n\n", "edition": 4, "modified": "2016-04-21T00:00:00", "published": "2016-04-21T00:00:00", "id": "C8174B63-0D3A-11E6-B06E-D43D7EED0CE2", "href": "https://vuxml.freebsd.org/freebsd/c8174b63-0d3a-11e6-b06e-d43d7eed0ce2.html", "title": "subversion -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "kaspersky": [{"lastseen": "2020-09-02T11:53:03", "bulletinFamily": "info", "cvelist": ["CVE-2016-2168", "CVE-2016-2167"], "description": "### *Detect date*:\n05/05/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apache Subversion. 
Malicious users can exploit these vulnerabilities to cause denial of service or bypass security restrictions.\n\n### *Affected products*:\nApache Subversion versions earlier than 1.8.16 \nApache Subversion 1.9 versions earlier than 1.9.4\n\n### *Solution*:\nUpdate to the latest version \n[Apache Subversion download page](<http://subversion.apache.org/download.cgi>)\n\n### *Original advisories*:\n[Apache advisory 2168](<http://subversion.apache.org/security/CVE-2016-2168-advisory.txt>) \n[Apache advisory 2167](<http://subversion.apache.org/security/CVE-2016-2167-advisory.txt>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Apache Subversion](<https://threats.kaspersky.com/en/product/Apache-Subversion/>)\n\n### *CVE-IDS*:\n[CVE-2016-2167](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167>) 4.9 Warning \n[CVE-2016-2168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168>) 4.0 Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2016-05-05T00:00:00", "id": "KLA10808", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10808", "title": "KLA10808 Multiple vulnerabilities in Apache Subversion", "type": "kaspersky", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2167", "CVE-2016-2168"], "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. 
", "modified": "2016-05-10T11:50:37", "published": "2016-05-10T11:50:37", "id": "FEDORA:4499A605712E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: subversion-1.9.4-1.fc24", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2167", "CVE-2016-2168"], "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. ", "modified": "2016-05-12T07:32:42", "published": "2016-05-12T07:32:42", "id": "FEDORA:F2C4A6133CC5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: subversion-1.9.4-1.fc23", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:58", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2016-2167", "CVE-2017-9800"], "description": "USN-3388-1 fixed several vulnerabilities in Subversion. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nIvan Zhakov discovered that Subversion did not properly handle \nsome requests. A remote attacker could use this to cause a \ndenial of service. (CVE-2016-2168)\n\nOriginal advisory details:\n\nJoern Schneeweisz discovered that Subversion did not properly handle \nhost names in 'svn+ssh://' URLs. A remote attacker could use this \nto construct a subversion repository that when accessed could run \narbitrary code with the privileges of the user. (CVE-2017-9800)\n\nDaniel Shahaf and James McCoy discovered that Subversion did not \nproperly verify realms when using Cyrus SASL authentication. A \nremote attacker could use this to possibly bypass intended access \nrestrictions. 
(CVE-2016-2167)", "edition": 6, "modified": "2017-10-24T00:00:00", "published": "2017-10-24T00:00:00", "id": "USN-3388-2", "href": "https://ubuntu.com/security/notices/USN-3388-2", "title": "Subversion vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-10-11T12:54:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3504", "CVE-2015-5259", "CVE-2016-2168", "CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2014-0032", "CVE-2015-0202", "CVE-2016-2167", "CVE-2014-3522", "CVE-2015-3184", "CVE-2014-3528"], "edition": 1, "description": "### Background\n\nSubversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS\u2019s :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories. \n\nThe serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Subversion users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/subversion-1.9.4\"\n \n\nAll Serf users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/serf-1.3.7\"", "modified": "2016-10-11T00:00:00", "published": "2016-10-11T00:00:00", "id": "GLSA-201610-05", "href": "https://security.gentoo.org/glsa/201610-05", "type": "gentoo", "title": "Subversion, Serf: Multiple Vulnerabilities", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "suse": [{"lastseen": "2017-08-17T17:07:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2168", "CVE-2015-0248", "CVE-2015-3187", "CVE-2015-0251", "CVE-2015-0202", "CVE-2016-2167", "CVE-2015-5343", "CVE-2016-8734", "CVE-2017-9800", "CVE-2015-3184", "CVE-2014-3580", "CVE-2014-8108"], "description": "This update for subversion fixes the following issues:\n\n\n - CVE-2017-9800: A malicious, compromised server or MITM may cause svn\n client to execute arbitrary commands by sending repository content with\n svn:externals definitions pointing to crafted svn+ssh URLs. 
(bsc#1051362)\n\n - Malicious user may commit SHA-1 collisions and cause repository\n inconsistencies (bsc#1026936)\n\n - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and\n Subversion clients using http(s):// could lead to denial of service\n (bsc#1011552)\n\n - CVE-2016-2167: svnserve/sasl may authenticate users using the wrong\n realm (bsc#976849)\n\n - CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn\n during COPY/MOVE authorization check (bsc#976850)\n\n - mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (bsc#977424)\n\n - make the subversion package conflict with KWallet and Gnome Keyring\n packages which do not require matching subversion versions in SLE 12 and\n openSUSE Leap 42.1 and thus break the main package upon partial upgrade.\n (bsc#969159)\n\n - CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read\n in mod_dav_svn caused by integer overflow when parsing skel-encoded\n request bodies. (bsc#958300)\n\n - Avoid recommending 180+ new pkgs for installation on minimal setup due\n to subversion-password-store (bsc#942819)\n\n - CVE-2015-3184: mod_authz_svn: mixed anonymous/authenticated httpd (dav)\n configurations could lead to information leak (bsc#939514)\n\n - CVE-2015-3187: do not leak paths that were hidden by path-based authz\n (bsc#939517)\n\n - CVE-2015-0202: Subversion HTTP servers with FSFS repositories were\n vulnerable to a remotely triggerable excessive memory use with certain\n REPORT requests. (bsc#923793)\n\n - CVE-2015-0248: Subversion mod_dav_svn and svnserve were vulnerable to a\n remotely triggerable assertion DoS vulnerability for certain requests\n with dynamically evaluated revision numbers. 
(bsc#923794)\n\n - CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author\n property values for new revisions (bsc#923795)\n\n - fix sample configuration comments in subversion.conf (bsc#916286)\n\n - fix sysconfig file generation (bsc#911620)\n\n - CVE-2014-3580: mod_dav_svn invalid REPORT requests could lead to denial\n of service (bsc#909935)\n\n - CVE-2014-8108: mod_dav_svn use of invalid transaction names could lead\n to denial of service (bsc#909935)\n\n - INSTALL#SQLite says 'Subversion 1.8 requires SQLite version 3.7.12 or\n above'; therefore I lowered the sqlite requirement to make the\n subversion run on\n older system versions, too. [bsc#897033]\n\n", "edition": 1, "modified": "2017-08-17T12:10:12", "published": "2017-08-17T12:10:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00055.html", "id": "SUSE-SU-2017:2200-1", "title": "Security update for subversion (important)", "type": "suse", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "oracle": [{"lastseen": "2020-12-24T15:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2013-7285", "CVE-2015-1832", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2016-10244", "CVE-2016-10328", "CVE-2016-2167", "CVE-2016-2168", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3189", "CVE-2016-4800", "CVE-2016-5000", "CVE-2016-5300", "CVE-2016-5725", "CVE-2016-6153", "CVE-2016-6306", "CVE-2016-8610", "CVE-2016-8734", "CVE-2017-10989", "CVE-2017-12626", "CVE-2017-13098", "CVE-2017-13685", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-15095", "CVE-2017-15286", "CVE-2017-17485", "CVE-2017-3164", "CVE-2017-5644", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-7525", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", 
"CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9096", "CVE-2017-9735", "CVE-2017-9800", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-14718", "CVE-2018-15769", "CVE-2018-17196", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-2765", "CVE-2018-3693", "CVE-2018-5382", "CVE-2018-5968", "CVE-2018-6942", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8088", "CVE-2018-8740", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-10072", "CVE-2019-10097", "CVE-2019-1010239", "CVE-2019-10173", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11048", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11834", "CVE-2019-11835", "CVE-2019-11922", "CVE-2019-12086", "CVE-2019-12260", "CVE-2019-12261", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12900", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17495", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17558", "CVE-2019-17569", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18348", "CVE-2019-20330", "CVE-2019-2897", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5018", "CVE-2019-5427", "CVE-2019-5435", 
"CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-10108", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11984", "CVE-2020-11993", "CVE-2020-11996", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14672", "CVE-2020-14731", "CVE-2020-14732", "CVE-2020-14734", "CVE-2020-14735", "CVE-2020-14736", "CVE-2020-14740", "CVE-2020-14741", "CVE-2020-14742", "CVE-2020-14743", "CVE-2020-14744", "CVE-2020-14745", "CVE-2020-14746", "CVE-2020-14752", "CVE-2020-14753", "CVE-2020-14754", "CVE-2020-14757", "CVE-2020-14758", "CVE-2020-14759", "CVE-2020-14760", "CVE-2020-14761", "CVE-2020-14762", "CVE-2020-14763", "CVE-2020-14764", "CVE-2020-14765", "CVE-2020-14766", "CVE-2020-14767", "CVE-2020-14768", "CVE-2020-14769", "CVE-2020-14770", "CVE-2020-14771", "CVE-2020-14772", "CVE-2020-14773", "CVE-2020-14774", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14778", "CVE-2020-14779", "CVE-2020-14780", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14783", "CVE-2020-14784", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14787", "CVE-2020-14788", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14792", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14795", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14801", "CVE-2020-14802", 
"CVE-2020-14803", "CVE-2020-14804", "CVE-2020-14805", "CVE-2020-14806", "CVE-2020-14807", "CVE-2020-14808", "CVE-2020-14809", "CVE-2020-14810", "CVE-2020-14811", "CVE-2020-14812", "CVE-2020-14813", "CVE-2020-14814", "CVE-2020-14815", "CVE-2020-14816", "CVE-2020-14817", "CVE-2020-14818", "CVE-2020-14819", "CVE-2020-14820", "CVE-2020-14821", "CVE-2020-14822", "CVE-2020-14823", "CVE-2020-14824", "CVE-2020-14825", "CVE-2020-14826", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14831", "CVE-2020-14832", "CVE-2020-14833", "CVE-2020-14834", "CVE-2020-14835", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14840", "CVE-2020-14841", "CVE-2020-14842", "CVE-2020-14843", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14847", "CVE-2020-14848", "CVE-2020-14849", "CVE-2020-14850", "CVE-2020-14851", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14854", "CVE-2020-14855", "CVE-2020-14856", "CVE-2020-14857", "CVE-2020-14858", "CVE-2020-14859", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14862", "CVE-2020-14863", "CVE-2020-14864", "CVE-2020-14865", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14871", "CVE-2020-14872", "CVE-2020-14873", "CVE-2020-14875", "CVE-2020-14876", "CVE-2020-14877", "CVE-2020-14878", "CVE-2020-14879", "CVE-2020-14880", "CVE-2020-14881", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-14884", "CVE-2020-14885", "CVE-2020-14886", "CVE-2020-14887", "CVE-2020-14888", "CVE-2020-14889", "CVE-2020-14890", "CVE-2020-14891", "CVE-2020-14892", "CVE-2020-14893", "CVE-2020-14894", "CVE-2020-14895", "CVE-2020-14896", "CVE-2020-14897", "CVE-2020-14898", "CVE-2020-14899", "CVE-2020-14900", "CVE-2020-14901", "CVE-2020-15358", "CVE-2020-15389", "CVE-2020-1730", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1953", "CVE-2020-1954", "CVE-2020-1967", "CVE-2020-2555", 
"CVE-2020-3235", "CVE-2020-3909", "CVE-2020-4051", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-7067", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8840", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9409", "CVE-2020-9410", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n \nStarting with the October 2020 Critical Patch Update, Oracle lists updates that address vulnerabilities in third-party components which are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. Oracle has published two versions of the October 2020 Critical Patch Update Advisory: this version of the advisory implemented the change in how non-exploitable vulnerabilities in third-party components are reported, and the \u201ctraditional\u201d advisory follows the same format as the previous advisories. The \u201ctraditional\u201d advisory is published at <https://www.oracle.com/security-alerts/cpuoct2020traditional.html>. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. 
In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 403 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2712240.1>).\n", "modified": "2020-12-08T00:00:00", "published": "2020-10-20T00:00:00", "id": "ORACLE:CPUOCT2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}