Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.GENTOO_GLSA-200407-20.NASL
HistoryAug 30, 2004 - 12:00 a.m.

GLSA-200407-20 : Subversion: Vulnerability in mod_authz_svn

2004-08-3000:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
6

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.2%

JSON

The remote host is affected by the vulnerability described in GLSA-200407-20 (Subversion: Vulnerability in mod_authz_svn)

Users with write access to part of a Subversion repository may bypass     read restrictions on any part of that repository. This can be done     using an 'svn copy' command to copy the portion of a repository the     user wishes to read into an area where they have write access.
Since copies are versioned, any such copy attempts will be readily     apparent.

Impact :

This is a low-risk vulnerability. It affects only users of Subversion     who are running servers inside Apache and using mod_authz_svn.
Additionally, this vulnerability may be exploited only by users with     write access to some portion of a repository.

Workaround :

Keep sensitive content separated into different Subversion     repositories, or disable the Apache Subversion server and use svnserve     instead.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200407-20.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14553);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-1438");
  script_xref(name:"GLSA", value:"200407-20");

  script_name(english:"GLSA-200407-20 : Subversion: Vulnerability in mod_authz_svn");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200407-20
(Subversion: Vulnerability in mod_authz_svn)

    Users with write access to part of a Subversion repository may bypass
    read restrictions on any part of that repository. This can be done
    using an 'svn copy' command to copy the portion of a repository the
    user wishes to read into an area where they have write access.
    Since copies are versioned, any such copy attempts will be readily
    apparent.
  
Impact :

    This is a low-risk vulnerability. It affects only users of Subversion
    who are running servers inside Apache and using mod_authz_svn.
    Additionally, this vulnerability may be exploited only by users with
    write access to some portion of a repository.
  
Workaround :

    Keep sensitive content separated into different Subversion
    repositories, or disable the Apache Subversion server and use svnserve
    instead."
  );
  # http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES
  script_set_attribute(
    attribute:"see_also",
    value:"http://svn.apache.org/repos/asf/subversion/branches/1.0.x/CHANGES"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200407-20"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Subversion users should upgrade to the latest available version:
    # emerge sync
    # emerge -pv '>=dev-util/subversion-1.0.6'
    # emerve '>=dev-util/subversion-1.0.6'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:subversion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-util/subversion", unaffected:make_list("ge 1.0.6"), vulnerable:make_list("le 1.0.4-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Subversion");
}
VendorProductVersionCPE
gentoolinuxsubversionp-cpe:/a:gentoo:linux:subversion
gentoolinuxcpe:/o:gentoo:linux

Related

cvelist 1
gentoo 1
cve 1
nessus 1
openvas 4
nvd 1
debiancve 1
cvelist
cvelist
CVE-2004-1438
2005-02-13 05:00:00
gentoo
gentoo
Subversion: Vulnerability in mod_authz_svn
2004-07-26 00:00:00
cve
cve
CVE-2004-1438
2005-02-13 05:00:00
nessus
nessus
Subversion < 1.0.6 mod_authz_svn Restricted File Access Bypass
2004-07-27 00:00:00
openvas
openvas
Subversion Module File Restriction Bypass
2005-11-03 00:00:00
Gentoo Security Advisory GLSA 200407-20 (subversion)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200407-20 (subversion)
2008-09-24 00:00:00
nvd
nvd
CVE-2004-1438
2004-12-31 05:00:00
debiancve
debiancve
CVE-2004-1438
2005-02-13 05:00:00

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.2%

JSON
Related for GENTOO_GLSA-200407-20.NASL
cvelist1gentoo1cve1nessus1openvas4nvd1debiancve1