Several security issues have been found in the server components of the version control system subversion.
CVE-2015-3184 Subversion’s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. This issue does not affect the oldstable distribution (wheezy) because it only contains Apache httpd 2.2.
CVE-2015-3187 Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by path-based authz.
When a node is copied from an unreadable location to a readable location the unreadable path may be revealed.
This vulnerablity only reveals the path, it does not reveal the contents of the path.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3331. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(85354);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-3184", "CVE-2015-3187");
script_xref(name:"DSA", value:"3331");
script_name(english:"Debian DSA-3331-1 : subversion - security update");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several security issues have been found in the server components of
the version control system subversion.
- CVE-2015-3184
Subversion's mod_authz_svn does not properly restrict
anonymous access in some mixed anonymous/authenticated
environments when using Apache httpd 2.4. The result is
that anonymous access may be possible to files for which
only authenticated access should be possible. This issue
does not affect the oldstable distribution (wheezy)
because it only contains Apache httpd 2.2.
- CVE-2015-3187
Subversion servers, both httpd and svnserve, will reveal
some paths that should be hidden by path-based authz.
When a node is copied from an unreadable location to a
readable location the unreadable path may be revealed.
This vulnerablity only reveals the path, it does not
reveal the contents of the path."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-3184"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-3187"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/subversion"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/jessie/subversion"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2015/dsa-3331"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the subversion packages.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1.6.17dfsg-4+deb7u10.
For the stable distribution (jessie), these problems have been fixed
in version 1.8.10-6+deb8u1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:subversion");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"libapache2-svn", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn-dev", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn-doc", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn-java", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn-perl", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn-ruby", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn-ruby1.8", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsvn1", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"python-subversion", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"subversion", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"subversion-tools", reference:"1.6.17dfsg-4+deb7u10")) flag++;
if (deb_check(release:"8.0", prefix:"libapache2-mod-svn", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libapache2-svn", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsvn-dev", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsvn-doc", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsvn-java", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsvn-perl", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsvn-ruby1.8", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libsvn1", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"python-subversion", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"ruby-svn", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"subversion", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"subversion-dbg", reference:"1.8.10-6+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"subversion-tools", reference:"1.8.10-6+deb8u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | subversion | p-cpe:/a:debian:debian_linux:subversion |
debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
debian | debian_linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187
packages.debian.org/source/jessie/subversion
packages.debian.org/source/wheezy/subversion
security-tracker.debian.org/tracker/CVE-2015-3184
security-tracker.debian.org/tracker/CVE-2015-3187
www.debian.org/security/2015/dsa-3331