Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200908-05
HistoryAug 18, 2009 - 12:00 a.m.

Subversion: Remote execution of arbitrary code

2009-08-1800:00:00
Gentoo Foundation
security.gentoo.org
17

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.036 Low

EPSS

Percentile

91.6%

JSON

Background

Subversion is a versioning system designed to be a replacement for CVS.

Description

Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows.

Impact

A remote attacker with commit access could exploit this vulnerability by sending a specially crafted commit to a Subversion server, or a remote attacker could entice a user to check out or update a repository from a malicious Subversion server, possibly resulting in the execution of arbitrary code with the privileges of the user running the server or client.

Workaround

There is no known workaround at this time.

Resolution

All Subversion users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/subversion-1.6.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-util/subversion<Β 1.6.4UNKNOWN

Related

openvas 30
nessus 19
freebsd 1
seebug 1
oraclelinux 1
centos 1
slackware 1
redhat 1
altlinux 1
veracode 1
fedora 2
debian 1
ubuntu 1
securityvulns 2
suse 1
prion 1
ubuntucve 1
debiancve 1
cve 1
openvas
openvas
Ubuntu USN-812-1 (subversion)
2009-08-17 00:00:00
Fedora Core 10 FEDORA-2009-8432 (subversion)
2009-08-17 00:00:00
Fedora Core 11 FEDORA-2009-8449 (subversion)
2009-08-17 00:00:00
nessus
nessus
Oracle Linux 4 / 5 : subversion (ELSA-2009-1203)
2013-07-12 00:00:00
openSUSE 10 Security Update : subversion (subversion-6418)
2009-10-06 00:00:00
Debian DSA-1855-1 : subversion - heap overflow
2010-02-24 00:00:00
freebsd
freebsd
subversion -- heap overflow vulnerability
2009-08-06 00:00:00
seebug
seebug
Subversion libsvn_deltaεΊ“ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-08-11 00:00:00
oraclelinux
oraclelinux
subversion security update
2009-08-10 00:00:00
centos
centos
mod_dav_svn, subversion security update
2009-08-11 21:17:40
slackware
slackware
subversion
2009-08-07 00:58:39
redhat
redhat
(RHSA-2009:1203) Important: subversion security update
2009-08-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package subversion version 1.6.4-alt1
2009-08-18 00:00:00
veracode
veracode
Remote Code Execution(RCE)
2020-04-10 00:39:59
fedora
fedora
[SECURITY] Fedora 10 Update: subversion-1.6.4-2.fc10
2009-08-10 21:48:46
[SECURITY] Fedora 11 Update: subversion-1.6.4-2.fc11
2009-08-10 21:53:56
debian
debian
[SECURITY] [DSA 1855-1] New subversion packages fix arbitrary code execution
2009-08-08 19:07:27
ubuntu
ubuntu
Subversion vulnerability
2009-08-08 00:00:00
securityvulns
securityvulns
Subversion / APR multiple buffer overflows
2009-08-08 00:00:00
Subversion heap overflow
2009-08-08 00:00:00
suse
suse
remote code execution in subversion
2009-08-14 11:06:32
prion
prion
Integer overflow
2009-08-07 19:30:00
ubuntucve
ubuntucve
CVE-2009-2411
2009-08-07 00:00:00
debiancve
debiancve
CVE-2009-2411
2009-08-07 19:30:00
cve
cve
CVE-2009-2411
2009-08-07 19:30:00

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.036 Low

EPSS

Percentile

91.6%

JSON
Related for GLSA-200908-05
openvas30nessus19freebsd1seebug1oraclelinux1centos1slackware1redhat1altlinux1veracode1fedora2debian1ubuntu1securityvulns2suse1prion1ubuntucve1debiancve1cve1