Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1855.NASLHistoryFeb 24, 2010 - 12:00 a.m.
Debian DSA-1855-1 : subversion - heap overflow
2010-02-2400:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1855. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(44720);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2009-2411");
script_bugtraq_id(35983);
script_xref(name:"DSA", value:"1855");
script_name(english:"Debian DSA-1855-1 : subversion - heap overflow");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Matt Lewis discovered that Subversion performs insufficient input
validation of svndiff streams. Malicious servers could cause heap
overflows in clients, and malicious clients with commit access could
cause heap overflows in servers, possibly leading to arbitrary code
execution in both cases."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2009/dsa-1855"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the Subversion packages.
For the old stable distribution (etch), this problem has been fixed in
version 1.4.2dfsg1-3.
For the stable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-4."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:subversion");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/08/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"4.0", prefix:"libapache2-svn", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-dev", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-doc", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-java", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-javahl", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-perl", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-ruby", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn-ruby1.8", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"libsvn1", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"python-subversion", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"subversion", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"4.0", prefix:"subversion-tools", reference:"1.4.2dfsg1-3")) flag++;
if (deb_check(release:"5.0", prefix:"libapache2-svn", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-dev", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-doc", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-java", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-perl", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-ruby", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-ruby1.8", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn1", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"python-subversion", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"subversion", reference:"1.5.1dfsg1-4")) flag++;
if (deb_check(release:"5.0", prefix:"subversion-tools", reference:"1.5.1dfsg1-4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | subversion | p-cpe:/a:debian:debian_linux:subversion |
| debian | debian_linux | 4.0 | cpe:/o:debian:debian_linux:4.0 |
| debian | debian_linux | 5.0 | cpe:/o:debian:debian_linux:5.0 |
Related
openvas
openvas
Ubuntu USN-812-1 (subversion)
2009-08-17 00:00:00
Fedora Core 10 FEDORA-2009-8432 (subversion)
2009-08-17 00:00:00
Fedora Core 11 FEDORA-2009-8449 (subversion)
2009-08-17 00:00:00
nessus
nessus
Oracle Linux 4 / 5 : subversion (ELSA-2009-1203)
2013-07-12 00:00:00
openSUSE 10 Security Update : subversion (subversion-6418)
2009-10-06 00:00:00
openSUSE Security Update : subversion (subversion-1185)
2009-08-13 00:00:00
freebsd
freebsd
subversion -- heap overflow vulnerability
2009-08-06 00:00:00
seebug
seebug
Subversion libsvn_deltaεΊζ΄ζ°ζΊ’εΊζΌζ΄
2009-08-11 00:00:00
oraclelinux
oraclelinux
subversion security update
2009-08-10 00:00:00
slackware
slackware
subversion
2009-08-07 00:58:39
centos
centos
mod_dav_svn, subversion security update
2009-08-11 21:17:40
altlinux
altlinux
Security fix for the ALT Linux 5 package subversion version 1.6.4-alt1
2009-08-18 00:00:00
redhat
redhat
(RHSA-2009:1203) Important: subversion security update
2009-08-10 00:00:00
gentoo
gentoo
Subversion: Remote execution of arbitrary code
2009-08-18 00:00:00
veracode
veracode
Remote Code Execution(RCE)
2020-04-10 00:39:59
fedora
fedora
[SECURITY] Fedora 10 Update: subversion-1.6.4-2.fc10
2009-08-10 21:48:46
[SECURITY] Fedora 11 Update: subversion-1.6.4-2.fc11
2009-08-10 21:53:56
debian
debian
[SECURITY] [DSA 1855-1] New subversion packages fix arbitrary code execution
2009-08-08 19:07:27
ubuntu
ubuntu
Subversion vulnerability
2009-08-08 00:00:00
securityvulns
securityvulns
Subversion / APR multiple buffer overflows
2009-08-08 00:00:00
Subversion heap overflow
2009-08-08 00:00:00
suse
suse
remote code execution in subversion
2009-08-14 11:06:32
prion
prion
Integer overflow
2009-08-07 19:30:00
debiancve
debiancve
CVE-2009-2411
2009-08-07 19:30:00
ubuntucve
ubuntucve
CVE-2009-2411
2009-08-07 00:00:00
cve
cve
CVE-2009-2411
2009-08-07 19:30:00
Related for DEBIAN_DSA-1855.NASL