Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2118.NASL
HistoryOct 11, 2010 - 12:00 a.m.

Debian DSA-2118-1 : subversion - logic flaw

2010-10-1100:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of Subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to ‘short_circuit’ set this may enable an unprivileged attacker to bypass intended access restrictions and disclose or modify repository content.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2118. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(49815);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2010-3315");
  script_bugtraq_id(43678);
  script_xref(name:"DSA", value:"2118");

  script_name(english:"Debian DSA-2118-1 : subversion - logic flaw");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Kamesh Jayachandran and C. Michael Pilat discovered that the
mod_dav_svn module of Subversion, a version control system, is not
properly enforcing access rules which are scope-limited to named
repositories. If the SVNPathAuthz option is set to 'short_circuit' set
this may enable an unprivileged attacker to bypass intended access
restrictions and disclose or modify repository content."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-2118"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the subversion packages.

As a workaround it is also possible to set SVNPathAuthz to 'on' but be
advised that this can result in a performance decrease for large
repositories.

For the stable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:subversion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"libapache2-svn", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-dev", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-doc", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-java", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-perl", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-ruby", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn-ruby1.8", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"libsvn1", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"python-subversion", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"subversion", reference:"1.5.1dfsg1-5")) flag++;
if (deb_check(release:"5.0", prefix:"subversion-tools", reference:"1.5.1dfsg1-5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxsubversionp-cpe:/a:debian:debian_linux:subversion
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0

Related

openvas 17
prion 1
altlinux 2
securityvulns 4
debiancve 1
nessus 12
debian 3
fedora 3
ubuntucve 1
cve 1
oraclelinux 1
redhat 1
ubuntu 1
openvas
openvas
Fedora Update for subversion FEDORA-2010-16115
2010-11-04 00:00:00
Mandriva Update for subversion MDVSA-2010:199 (subversion)
2010-10-19 00:00:00
Fedora Update for subversion FEDORA-2010-16136
2010-11-04 00:00:00
prion
prion
Command injection
2010-10-04 21:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package subversion version 1.6.13-alt0.M50P.1
2010-11-12 00:00:00
Security fix for the ALT Linux 5 package subversion version 1.6.13-alt1
2010-10-19 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:199 ] subversion
2010-10-13 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-10-13 00:00:00
Apple Mac OS X multiple security vulnerabilities
2011-03-23 00:00:00
debiancve
debiancve
CVE-2010-3315
2010-10-04 21:00:00
nessus
nessus
openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : subversion (MDVSA-2010:199)
2010-10-14 00:00:00
openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2010:1042-1)
2011-05-05 00:00:00
debian
debian
BSA-004 Security Update for subversion
2010-10-10 09:30:09
BSA-004 Security Update for subversion
2010-10-10 09:45:47
[SECURITY] [DSA 2118-1] New subversion packages fix authentication bypass
2010-10-08 21:25:33
fedora
fedora
[SECURITY] Fedora 14 Update: subversion-1.6.13-1.fc14
2010-10-28 06:18:29
[SECURITY] Fedora 12 Update: subversion-1.6.13-1.fc12.1
2010-10-28 05:50:49
[SECURITY] Fedora 13 Update: subversion-1.6.13-1.fc13
2010-10-28 05:47:03
ubuntucve
ubuntucve
CVE-2010-3315
2010-10-04 00:00:00
cve
cve
CVE-2010-3315
2010-10-04 21:00:00
oraclelinux
oraclelinux
subversion security update
2011-02-15 00:00:00
redhat
redhat
(RHSA-2011:0258) Moderate: subversion security update
2011-02-15 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2011-02-01 00:00:00
JSON
Related for DEBIAN_DSA-2118.NASL
openvas17prion1altlinux2securityvulns4debiancve1nessus12debian3fedora3ubuntucve1cve1oraclelinux1redhat1ubuntu1