Multiple vulnerabilities has been found and corrected in subversion :
Subversion’s mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild (CVE-2013-1845).
Subversion’s mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS.
There are no known instances of this problem being observed in the wild (CVE-2013-1846).
Subversion’s mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL.
This can lead to a DoS. There are no known instances of this problem being observed in the wild (CVE-2013-1847).
Subversion’s mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list (CVE-2013-1849).
Subversion’s mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range.
This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild (CVE-2013-1884).
The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2013:153.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(66252);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2013-1845", "CVE-2013-1846", "CVE-2013-1847", "CVE-2013-1849", "CVE-2013-1884");
script_bugtraq_id(58323, 58895, 58896, 58897, 58898);
script_xref(name:"MDVSA", value:"2013:153");
script_name(english:"Mandriva Linux Security Advisory : subversion (MDVSA-2013:153)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities has been found and corrected in subversion :
Subversion's mod_dav_svn Apache HTTPD server module will use excessive
amounts of memory when a large number of properties are set or deleted
on a node. This can lead to a DoS. There are no known instances of
this problem being observed in the wild (CVE-2013-1845).
Subversion's mod_dav_svn Apache HTTPD server module will crash when a
LOCK request is made against activity URLs. This can lead to a DoS.
There are no known instances of this problem being observed in the
wild (CVE-2013-1846).
Subversion's mod_dav_svn Apache HTTPD server module will crash in some
circumstances when a LOCK request is made against a non-existent URL.
This can lead to a DoS. There are no known instances of this problem
being observed in the wild (CVE-2013-1847).
Subversion's mod_dav_svn Apache HTTPD server module will crash when a
PROPFIND request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild, but the details of how to exploit it have been disclosed on
the full disclosure mailing list (CVE-2013-1849).
Subversion's mod_dav_svn Apache HTTPD server module will crash when a
log REPORT request receives a limit that is out of the allowed range.
This can lead to a DoS. There are no known instances of this problem
being used as a DoS in the wild (CVE-2013-1884).
The updated packages have been upgraded to the 1.7.9 version which is
not affected by these issues."
);
script_set_attribute(
attribute:"see_also",
value:"http://subversion.apache.org/security/CVE-2013-1845-advisory.txt"
);
script_set_attribute(
attribute:"see_also",
value:"http://subversion.apache.org/security/CVE-2013-1846-advisory.txt"
);
script_set_attribute(
attribute:"see_also",
value:"http://subversion.apache.org/security/CVE-2013-1847-advisory.txt"
);
script_set_attribute(
attribute:"see_also",
value:"http://subversion.apache.org/security/CVE-2013-1849-advisory.txt"
);
script_set_attribute(
attribute:"see_also",
value:"http://subversion.apache.org/security/CVE-2013-1884-advisory.txt"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav_svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svnjavahl1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-SVN");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-svn-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-gnome-keyring-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:svn-javahl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2013/04/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/29");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"apache-mod_dav_svn-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn-gnome-keyring0-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn0-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svnjavahl1-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-SVN-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-svn-devel-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-devel-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-devel-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-devel-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-doc-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-gnome-keyring-devel-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-server-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-tools-1.7.9-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"svn-javahl-1.7.9-0.1.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | apache-mod_dav_svn | p-cpe:/a:mandriva:linux:apache-mod_dav_svn |
mandriva | linux | lib64svn-gnome-keyring0 | p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0 |
mandriva | linux | lib64svn0 | p-cpe:/a:mandriva:linux:lib64svn0 |
mandriva | linux | lib64svnjavahl1 | p-cpe:/a:mandriva:linux:lib64svnjavahl1 |
mandriva | linux | perl-svn | p-cpe:/a:mandriva:linux:perl-svn |
mandriva | linux | perl-svn-devel | p-cpe:/a:mandriva:linux:perl-svn-devel |
mandriva | linux | python-svn | p-cpe:/a:mandriva:linux:python-svn |
mandriva | linux | python-svn-devel | p-cpe:/a:mandriva:linux:python-svn-devel |
mandriva | linux | ruby-svn | p-cpe:/a:mandriva:linux:ruby-svn |
mandriva | linux | ruby-svn-devel | p-cpe:/a:mandriva:linux:ruby-svn-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884
subversion.apache.org/security/CVE-2013-1845-advisory.txt
subversion.apache.org/security/CVE-2013-1846-advisory.txt
subversion.apache.org/security/CVE-2013-1847-advisory.txt
subversion.apache.org/security/CVE-2013-1849-advisory.txt
subversion.apache.org/security/CVE-2013-1884-advisory.txt