Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2014-17118.NASL
HistoryJan 06, 2015 - 12:00 a.m.

Fedora 21 : subversion-1.8.11-1.fc21 (2014-17118)

2015-01-0600:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.9%

JSON

This update includes the latest stable release of Apache Subversion, version1.8.11. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see :

http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt

Client-side bugfixes:

Server-side bugfixes:

  • disable revprop caching feature due to cache invalidation problems

    • skip generating uniquifiers if rep-sharing is not supported

    • mod_dav_svn: reject requests with missing repository paths

    • mod_dav_svn: reject requests with invalid virtual transaction names

    • mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=45 31

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-17118.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80373);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-3580", "CVE-2014-8108");
  script_bugtraq_id(71725, 71726);
  script_xref(name:"FEDORA", value:"2014-17118");

  script_name(english:"Fedora 21 : subversion-1.8.11-1.fc21 (2014-17118)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update includes the latest stable release of **Apache
Subversion**, version **1.8.11**. Two security issues in mod_dav_svn
are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more
details, see :

http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt

**Client-side bugfixes:**

  - checkout/update: fix file externals failing to follow
    history and subsequently silently failing
    http://subversion.tigris.org/issues/show_bug.cgi?id=4185

    - patch: don't skip targets in valid --git difs

    - diff: make property output in diffs stable

    - diff: fix diff of local copied directory with props

    - diff: fix changelist filter for repos-WC and WC-WC

    - remove broken conflict resolver menu options that
      always error out

    - improve gpg-agent support

    - fix crash in eclipse IDE with GNOME Keyring
      http://subversion.tigris.org/issues/show_bug.cgi?id=34
      98

    - fix externals shadowing a versioned directory
      http://subversion.tigris.org/issues/show_bug.cgi?id=40
      85

    - fix problems working on unix file systems that don't
      support permissions

    - upgrade: keep external registrations
      http://subversion.tigris.org/issues/show_bug.cgi?id=45
      19

    - cleanup: iprove performance of recorded timestamp
      fixups

    - translation updates for German

**Server-side bugfixes:**

  - disable revprop caching feature due to cache
    invalidation problems

    - skip generating uniquifiers if rep-sharing is not
      supported

    - mod_dav_svn: reject requests with missing repository
      paths

    - mod_dav_svn: reject requests with invalid virtual
      transaction names

    - mod_dav_svn: avoid unneeded memory growth in resource
      walking
      http://subversion.tigris.org/issues/show_bug.cgi?id=45
      31

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.tigris.org/issues/show_bug.cgi?id=3498"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.tigris.org/issues/show_bug.cgi?id=4085"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.tigris.org/issues/show_bug.cgi?id=4185"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.tigris.org/issues/show_bug.cgi?id=4519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.tigris.org/issues/show_bug.cgi?id=4531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1174054"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1174057"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147513.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?367656db"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected subversion package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC21", reference:"subversion-1.8.11-1.fc21")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "subversion");
}
VendorProductVersionCPE
fedoraprojectfedorasubversionp-cpe:/a:fedoraproject:fedora:subversion
fedoraprojectfedora21cpe:/o:fedoraproject:fedora:21

Related

archlinux 1
nessus 21
openvas 16
securityvulns 4
freebsd 1
fedora 2
mageia 1
amazon 1
redhat 2
centos 2
oraclelinux 2
ubuntucve 2
cvelist 2
prion 2
cve 2
debiancve 2
nvd 2
debian 2
osv 1
ubuntu 1
veracode 1
suse 1
archlinux
archlinux
subversion: denial of service
2014-12-16 00:00:00
nessus
nessus
openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)
2014-12-30 00:00:00
Apache Subversion < 1.7.19 / 1.8.x < 1.8.11 Multiple DoS
2015-01-09 00:00:00
Mandriva Linux Security Advisory : subversion (MDVSA-2015:005)
2015-01-06 00:00:00
openvas
openvas
Fedora Update for subversion FEDORA-2014-17118
2015-01-05 00:00:00
Fedora Update for subversion FEDORA-2014-17222
2015-01-05 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-555)
2015-09-08 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:005 ] subversion
2015-01-13 00:00:00
Apache Subversion DoS
2015-01-13 00:00:00
[SECURITY] [DSA 3107-1] subversion security update
2014-12-23 00:00:00
freebsd
freebsd
subversion -- DoS vulnerabilities
2014-12-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: subversion-1.8.11-1.fc20
2015-01-05 07:38:55
[SECURITY] Fedora 21 Update: subversion-1.8.11-1.fc21
2015-01-05 07:39:50
mageia
mageia
Updated subversion packages fix security vulnerabilities
2014-12-23 23:35:35
amazon
amazon
Medium: mod_dav_svn, subversion
2015-06-24 10:08:00
redhat
redhat
(RHSA-2015:0166) Moderate: subversion security update
2015-02-10 00:00:00
(RHSA-2015:0165) Moderate: subversion security update
2015-02-10 00:00:00
centos
centos
mod_dav_svn, subversion security update
2015-02-11 00:09:48
mod_dav_svn, subversion security update
2015-02-10 22:32:42
oraclelinux
oraclelinux
subversion security update
2015-02-10 00:00:00
subversion security update
2015-02-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-8108
2014-12-18 00:00:00
CVE-2014-3580
2014-12-18 00:00:00
cvelist
cvelist
CVE-2014-8108
2014-12-18 15:00:00
CVE-2014-3580
2014-12-18 15:00:00
prion
prion
Null pointer dereference
2014-12-18 15:59:00
Null pointer dereference
2014-12-18 15:59:00
cve
cve
CVE-2014-8108
2014-12-18 15:59:01
CVE-2014-3580
2014-12-18 15:59:00
debiancve
debiancve
CVE-2014-8108
2014-12-18 15:59:01
CVE-2014-3580
2014-12-18 15:59:00
nvd
nvd
CVE-2014-8108
2014-12-18 15:59:01
CVE-2014-3580
2014-12-18 15:59:00
debian
debian
[SECURITY] [DSA 3107-1] subversion security update
2014-12-20 18:27:56
[SECURITY] [DLA 119-1] subversion security update
2014-12-21 22:05:08
osv
osv
subversion - security update
2014-12-21 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2015-08-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:13:28
suse
suse
Security update for subversion (important)
2017-08-17 12:10:12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.9%

JSON
Related for FEDORA_2014-17118.NASL
archlinux1nessus21openvas16securityvulns4freebsd1fedora2mageia1amazon1redhat2centos2oraclelinux2ubuntucve2cvelist2prion2cve2debiancve2nvd2debian2osv1ubuntu1veracode1suse1