Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-200405-14.NASL
HistoryAug 30, 2004 - 12:00 a.m.

GLSA-200405-14 : Buffer overflow in Subversion

2004-08-3000:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

The remote host is affected by the vulnerability described in GLSA-200405-14 (Buffer overflow in Subversion)

All releases of Subversion prior to 1.0.3 have a vulnerability in the     date-parsing code. This vulnerability may allow denial of service or     arbitrary code execution as the Subversion user. Both the client and     server are vulnerable, and write access is NOT required to the server's     repository.

Impact :

All servers and clients are vulnerable. Specifically, clients that     allow other users to write to administrative files in a working copy     may be exploited. Additionally all servers (whether they are httpd/DAV     or svnserve) are vulnerable. Write access to the server is not     required; public read-only Subversion servers are also exploitable.

Workaround :

There is no known workaround at this time. All users are encouraged to     upgrade to the latest available version.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200405-14.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14500);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-0397");
  script_xref(name:"GLSA", value:"200405-14");

  script_name(english:"GLSA-200405-14 : Buffer overflow in Subversion");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200405-14
(Buffer overflow in Subversion)

    All releases of Subversion prior to 1.0.3 have a vulnerability in the
    date-parsing code. This vulnerability may allow denial of service or
    arbitrary code execution as the Subversion user. Both the client and
    server are vulnerable, and write access is NOT required to the server's
    repository.
  
Impact :

    All servers and clients are vulnerable. Specifically, clients that
    allow other users to write to administrative files in a working copy
    may be exploited. Additionally all servers (whether they are httpd/DAV
    or svnserve) are vulnerable. Write access to the server is not
    required; public read-only Subversion servers are also exploitable.
  
Workaround :

    There is no known workaround at this time. All users are encouraged to
    upgrade to the latest available version."
  );
  # http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1853132a"
  );
  # http://security.e-matters.de/advisories/082004.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8a28c1fb"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200405-14"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Subversion users should upgrade to the latest stable version:
    # emerge sync
    # emerge -pv '>=dev-util/subversion-1.0.3'
    # emerge '>=dev-util/subversion-1.0.3'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Subversion Date Svnserve');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:subversion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-util/subversion", unaffected:make_list("ge 1.0.3"), vulnerable:make_list("le 1.0.2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-util/subversion");
}
VendorProductVersionCPE
gentoolinuxsubversionp-cpe:/a:gentoo:linux:subversion
gentoolinuxcpe:/o:gentoo:linux

Related

freebsd 1
openvas 4
nessus 5
securityvulns 1
debiancve 1
canvas 1
gentoo 1
cve 1
ubuntucve 1
packetstorm 1
suse 1
freebsd
freebsd
subversion date parsing vulnerability
2004-05-19 00:00:00
openvas
openvas
FreeBSD Ports: subversion
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200405-14 (subversion)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200405-14 (subversion)
2008-09-24 00:00:00
nessus
nessus
FreeBSD : subversion date parsing vulnerability (5d36ef32-a9cf-11d8-9c6d-0020ed76ef5a)
2009-04-23 00:00:00
Fedora Core 1 : subversion-0.32.1-2 (2004-127)
2004-07-23 00:00:00
Subversion < 1.0.3 apr_time_t data Conversion Remote Overflow
2004-06-08 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Advisory 08/2004: Subversion remote vulnerability
2004-05-19 00:00:00
debiancve
debiancve
CVE-2004-0397
2004-07-07 04:00:00
canvas
canvas
Immunity Canvas: SVNDATE
2004-07-07 04:00:00
gentoo
gentoo
Buffer overflow in Subversion
2004-05-20 00:00:00
cve
cve
CVE-2004-0397
2004-07-07 04:00:00
ubuntucve
ubuntucve
CVE-2004-0397
2004-07-07 00:00:00
packetstorm
packetstorm
Subversion Date Overflow
2009-10-28 00:00:00
suse
suse
remote command execution in cvs
2004-05-19 11:10:20
JSON
Related for GENTOO_GLSA-200405-14.NASL
freebsd1openvas4nessus5securityvulns1debiancve1canvas1gentoo1cve1ubuntucve1packetstorm1suse1