Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2013-209.NASL
HistoryAug 07, 2013 - 12:00 a.m.

Mandriva Linux Security Advisory : subversion (MDVSA-2013:209)

2013-08-0700:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
8
JSON

A vulnerability has been found and corrected in subversion :

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root (CVE-2013-4131).

This advisory provides the latest version of subversion (1.7.11) which is not vulnerable to this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2013:209. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69232);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2013-4131");
  script_bugtraq_id(61454);
  script_xref(name:"MDVSA", value:"2013:209");

  script_name(english:"Mandriva Linux Security Advisory : subversion (MDVSA-2013:209)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability has been found and corrected in subversion :

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to
cause a denial of service (assertion failure or out-of-bounds read)
via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a
revision root (CVE-2013-4131).

This advisory provides the latest version of subversion (1.7.11) which
is not vulnerable to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://subversion.apache.org/security/CVE-2013-4131-advisory.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav_svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svn0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64svnjavahl1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-SVN");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-svn-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-svn-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-svn-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-gnome-keyring-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:subversion-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:svn-javahl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"apache-mod_dav_svn-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn-gnome-keyring0-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svn0-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64svnjavahl1-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-SVN-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-svn-devel-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-svn-devel-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ruby-svn-devel-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-devel-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-doc-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-gnome-keyring-devel-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-server-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"subversion-tools-1.7.11-0.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"svn-javahl-1.7.11-0.1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxapache-mod_dav_svnp-cpe:/a:mandriva:linux:apache-mod_dav_svn
mandrivalinuxlib64svn-gnome-keyring0p-cpe:/a:mandriva:linux:lib64svn-gnome-keyring0
mandrivalinuxlib64svn0p-cpe:/a:mandriva:linux:lib64svn0
mandrivalinuxlib64svnjavahl1p-cpe:/a:mandriva:linux:lib64svnjavahl1
mandrivalinuxperl-svnp-cpe:/a:mandriva:linux:perl-svn
mandrivalinuxperl-svn-develp-cpe:/a:mandriva:linux:perl-svn-devel
mandrivalinuxpython-svnp-cpe:/a:mandriva:linux:python-svn
mandrivalinuxpython-svn-develp-cpe:/a:mandriva:linux:python-svn-devel
mandrivalinuxruby-svnp-cpe:/a:mandriva:linux:ruby-svn
mandrivalinuxruby-svn-develp-cpe:/a:mandriva:linux:ruby-svn-devel
Rows per page:
1-10 of 181

Related

openvas 7
securityvulns 2
fedora 2
nessus 7
prion 1
freebsd 1
mageia 1
ubuntucve 1
amazon 1
cve 1
debiancve 1
gentoo 1
openvas
openvas
Fedora Update for subversion FEDORA-2013-13696
2013-08-20 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-221)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2013-0244)
2022-01-28 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:209 ] subversion
2013-08-12 00:00:00
Apache mod_dav_svn DoS
2013-08-12 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: subversion-1.7.11-1.fc19
2013-08-02 03:31:02
[SECURITY] Fedora 18 Update: subversion-1.7.11-1.fc18.1
2013-08-15 02:33:32
nessus
nessus
openSUSE Security Update : subversion (openSUSE-SU-2013:1286-1)
2014-06-13 00:00:00
FreeBSD : subversion -- remotely triggerable 'Assertion failed' DoS vulnerability or read overflow. (2ae24334-f2e6-11e2-8346-001e8c75030d)
2013-07-25 00:00:00
Amazon Linux AMI : subversion (ALAS-2013-221)
2013-10-01 00:00:00
prion
prion
Out-of-bounds
2013-07-31 13:20:00
freebsd
freebsd
subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.
2013-07-19 00:00:00
mageia
mageia
Updated subversion packages fixes security vulnerability
2013-08-11 16:24:46
ubuntucve
ubuntucve
CVE-2013-4131
2013-07-31 00:00:00
amazon
amazon
Medium: subversion
2013-09-04 13:32:00
cve
cve
CVE-2013-4131
2013-07-31 13:20:00
debiancve
debiancve
CVE-2013-4131
2013-07-31 13:20:00
gentoo
gentoo
Subversion: Multiple vulnerabilities
2013-09-23 00:00:00
JSON
Related for MANDRIVA_MDVSA-2013-209.NASL
openvas7securityvulns2fedora2nessus7prion1freebsd1mageia1ubuntucve1amazon1cve1debiancve1gentoo1