ID SUBVERSION_1_0_3.NASL Type nessus Reporter Tenable Modified 2018-08-07T00:00:00
Description
The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.
#
# (C) Tenable Network Security, Inc.
#
include( 'compat.inc' );
if(description)
{
script_id(12260);
script_version ("1.14");
script_bugtraq_id(10428);
script_name(english:"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow");
script_summary(english:"Subversion Pre-Commit-Hook Vulnerability");
script_set_attribute(
attribute:'synopsis',
value:'The remote service is vulnerable to a buffer overflow.'
);
script_set_attribute(
attribute:'description',
value:'The remote host is reported vulnerable to a remote
overflow. An attacker, exploiting this hole, would be
given full access to the target machine. Versions of
Subversion less than 1.0.4 are vulnerable to this attack.'
);
script_set_attribute(
attribute:'solution',
value:'Upgrade to version 1.0.4 or higher'
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(
attribute:'see_also',
value:'http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup'
);
script_set_attribute(attribute:"plugin_publication_date", value: "2004/06/08");
script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/21");
script_cvs_date("Date: 2018/08/07 16:46:50");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
script_family(english:"Misc.");
script_dependencie("subversion_detection.nasl");
script_require_ports("Services/subversion");
exit(0);
}
# start check
port = get_kb_item("Services/subversion");
if ( ! port ) port = 3690;
if (! get_tcp_port_state(port))
exit(0);
dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) ");
soc = open_sock_tcp(port);
if (!soc)
exit(0);
r = recv_line(socket:soc, length:1024);
if (! r)
exit(0);
send(socket:soc, data:dat);
r = recv_line(socket:soc, length:256);
if (! r)
exit(0);
#display(r);
if (egrep(string:r, pattern:".*subversion-1\.0\.[0-3][^0-9].*"))
{
security_hole(port);
}
close(soc);
exit(0);
{"id": "SUBVERSION_1_0_3.NASL", "bulletinFamily": "scanner", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "description": "The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.", "published": "2004-06-08T00:00:00", "modified": "2018-08-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "reporter": "Tenable", "references": ["http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup"], "cvelist": [], "type": "nessus", "lastseen": "2018-08-10T17:25:24", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.", "edition": 1, "hash": "4a76891d0ed0ac39c2e6fdc7f27b3e5fd7b0fe4882f004d81f5f746bf42ab83b", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "db45e181d7b1a5385a60cef2a9381c88", "key": "href"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "0b641e186e1f68945e42e99b9bd4fbd7", "key": "modified"}, {"hash": "a2732fb610cb1d2f93b673290e21b159", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d76f3d89101cf6fbf1d1a0d7a7409a66", "key": "references"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b1779dfb9754c1d3c082a3a153eb721f", "key": "sourceData"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2016-09-26T17:25:51", "modified": "2011-03-11T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.2", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"$Revision: 1.12 $\");\n script_bugtraq_id(10428);\n script_osvdb_id(38192);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n\n script_set_attribute(\n attribute:'see_also',\n value:'http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"$Date: 2011/03/11 21:52:39 $\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2297996e4c219e63fdcffe9db00772d30e1f0a27b3e0d9aa0ec6224ed5e03ac5", "hashmap": [{"hash": "65cefbfe023aca4dbaf80be2d2558490", "key": "sourceData"}, {"hash": "db45e181d7b1a5385a60cef2a9381c88", "key": "href"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "a2732fb610cb1d2f93b673290e21b159", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d76f3d89101cf6fbf1d1a0d7a7409a66", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1ac4c362d435a40acf97fe0a9efae1f3", "key": "modified"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2016-12-15T10:14:40", "modified": "2016-12-14T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.2", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"$Revision: 1.13 $\");\n script_bugtraq_id(10428);\n script_osvdb_id(38192);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"$Date: 2016/12/14 20:33:27 $\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-12-15T10:14:40"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "a2732fb610cb1d2f93b673290e21b159"}, {"key": "href", "hash": "db45e181d7b1a5385a60cef2a9381c88"}, {"key": "modified", "hash": "f310bf9180512c8bb6be0b0fd0fd4f6f"}, {"key": "naslFamily", "hash": "f988dc6e0b4d047c838adcca890ea132"}, {"key": "pluginID", "hash": "e79bb200d83ee7fe727a8bbd41bc5bea"}, {"key": "published", "hash": "4a52d89a13fad6df2ab57be05184be96"}, {"key": "references", "hash": "d76f3d89101cf6fbf1d1a0d7a7409a66"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "073524ac5b37f9855c8ea0ed88c9a9b9"}, {"key": "title", "hash": "9aeccb54d4abbf33c9a15e2e2534314e"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "cb6c714ade3cc85e7afe18b6c518df48d1e9fc10ae4c7b8e91891caa7f962692", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"1.14\");\n script_bugtraq_id(10428);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"Date: 2018/08/07 16:46:50\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "naslFamily": "Misc.", "pluginID": "12260", "cpe": []}
