Search...

Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow

2004-06-08T00:00:00

ID SUBVERSION_1_0_3.NASL
Type nessus
Reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
Modified 2019-11-02T00:00:00

Description

The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

if(description)
{
  script_id(12260);
  script_version ("1.15");
  script_bugtraq_id(10428);

  script_name(english:"Subversion &lt; 1.0.4 Pre-Commit-Hook Remote Overflow");
  script_summary(english:"Subversion Pre-Commit-Hook Vulnerability");

  script_set_attribute(
    attribute:'synopsis',
    value:'The remote service is vulnerable to a buffer overflow.'
  );

  script_set_attribute(
    attribute:'description',
    value:'The remote host is reported vulnerable to a remote
overflow.  An attacker, exploiting this hole, would be
given full access to the target machine.  Versions of
Subversion less than 1.0.4 are vulnerable to this attack.'
  );

  script_set_attribute(
    attribute:'solution',
    value:'Upgrade to version 1.0.4 or higher'
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(
    attribute:'see_also',
    value:'https://subversion.apache.org/source-code?view=markup'
  );

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/06/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/21");
 script_cvs_date("Date: 2018/11/15 20:50:24");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"Misc.");
  script_dependencie("subversion_detection.nasl");
  script_require_ports("Services/subversion");
  exit(0);
}



# start check

port = get_kb_item("Services/subversion");
if ( ! port ) port = 3690;

if (! get_tcp_port_state(port))
	exit(0);

dat = string("( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) ");

soc = open_sock_tcp(port);
if (!soc)
        exit(0);

r = recv_line(socket:soc, length:1024);

if (! r)
	exit(0);

send(socket:soc, data:dat);
r = recv_line(socket:soc, length:256);

if (! r)
	exit(0);

#display(r);

if (egrep(string:r, pattern:".*subversion-1\.0\.[0-3][^0-9].*"))
{
	security_hole(port);
}

close(soc);
exit(0);

JSON Vulners Source

Initial Source

{"id": "SUBVERSION_1_0_3.NASL", "bulletinFamily": "scanner", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "description": "The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.", "published": "2004-06-08T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/12260", "reporter": "This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.", "references": ["https://subversion.apache.org/source-code?view=markup"], "cvelist": [], "type": "nessus", "lastseen": "2019-11-03T12:17:15", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-10-28T21:21:14", "references": [{"idList": ["SUBVERSION_DETECTION.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T21:21:14", "value": 0.7, "vector": "NONE"}}, "hash": "ddefec92d0664b2136e606e79822bf6b0e47b210be6186a0feedce81e8c86a4c", "hashmap": [{"hash": "145968127c05d8ca3af1c7581a8e3a9b", "key": "reporter"}, {"hash": "dedd5c8ea5929c5db3e822bec6478940", "key": "description"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "a115c4dfba8cef9063f21d8ca9db749d", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "dcf4e073a58afd584ad744bcece1f61e", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "bda75eb1c9d2517f7839750f9de5e550", "key": "sourceData"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2019-10-28T21:21:14", "modified": "2019-10-02T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.3", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["https://subversion.apache.org/source-code?view=markup"], "reporter": "This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"1.15\");\n script_bugtraq_id(10428);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'https://subversion.apache.org/source-code?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 2}, "differentElements": ["modified"], "edition": 7, "lastseen": "2019-10-28T21:21:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2297996e4c219e63fdcffe9db00772d30e1f0a27b3e0d9aa0ec6224ed5e03ac5", "hashmap": [{"hash": "65cefbfe023aca4dbaf80be2d2558490", "key": "sourceData"}, {"hash": "db45e181d7b1a5385a60cef2a9381c88", "key": "href"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "a2732fb610cb1d2f93b673290e21b159", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d76f3d89101cf6fbf1d1a0d7a7409a66", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1ac4c362d435a40acf97fe0a9efae1f3", "key": "modified"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2016-12-15T10:14:40", "modified": "2016-12-14T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.2", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"$Revision: 1.13 $\");\n script_bugtraq_id(10428);\n script_osvdb_id(38192);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'http://svn.collab.net/viewvc/svn/branches/1.4.x/CHANGES?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"$Date: 2016/12/14 20:33:27 $\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-12-15T10:14:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8b8c7182644130e75c40abe407c5e9f32dee6213e5e18f427a7cf6d574c71454", "hashmap": [{"hash": "db45e181d7b1a5385a60cef2a9381c88", "key": "href"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "a115c4dfba8cef9063f21d8ca9db749d", "key": "references"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "a2732fb610cb1d2f93b673290e21b159", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "bda75eb1c9d2517f7839750f9de5e550", "key": "sourceData"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2018-11-17T03:10:13", "modified": "2018-11-15T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.3", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["https://subversion.apache.org/source-code?view=markup"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"1.15\");\n script_bugtraq_id(10428);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'https://subversion.apache.org/source-code?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-11-17T03:10:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-02-21T01:07:51", "references": [{"idList": ["SUBVERSION_DETECTION.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:07:51", "value": 0.7, "vector": "NONE"}}, "hash": "8b8c7182644130e75c40abe407c5e9f32dee6213e5e18f427a7cf6d574c71454", "hashmap": [{"hash": "db45e181d7b1a5385a60cef2a9381c88", "key": "href"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "a115c4dfba8cef9063f21d8ca9db749d", "key": "references"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "a2732fb610cb1d2f93b673290e21b159", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "bda75eb1c9d2517f7839750f9de5e550", "key": "sourceData"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2019-02-21T01:07:51", "modified": "2018-11-15T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.3", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["https://subversion.apache.org/source-code?view=markup"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"1.15\");\n script_bugtraq_id(10428);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'https://subversion.apache.org/source-code?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 2}, "differentElements": ["description", "reporter", "modified", "href"], "edition": 6, "lastseen": "2019-02-21T01:07:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:05:24", "references": []}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "80ef567326690391e52e46e944ffa8ee257f4e807ec5767acec0b2d46802262e", "hashmap": [{"hash": "db45e181d7b1a5385a60cef2a9381c88", "key": "href"}, {"hash": "dedd5c8ea5929c5db3e822bec6478940", "key": "description"}, {"hash": "f988dc6e0b4d047c838adcca890ea132", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a52d89a13fad6df2ab57be05184be96", "key": "published"}, {"hash": "e79bb200d83ee7fe727a8bbd41bc5bea", "key": "pluginID"}, {"hash": "a115c4dfba8cef9063f21d8ca9db749d", "key": "references"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "bda75eb1c9d2517f7839750f9de5e550", "key": "sourceData"}, {"hash": "9aeccb54d4abbf33c9a15e2e2534314e", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12260", "id": "SUBVERSION_1_0_3.NASL", "lastseen": "2019-01-16T20:05:24", "modified": "2018-11-15T00:00:00", "naslFamily": "Misc.", "objectVersion": "1.3", "pluginID": "12260", "published": "2004-06-08T00:00:00", "references": ["https://subversion.apache.org/source-code?view=markup"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"1.15\");\n script_bugtraq_id(10428);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'https://subversion.apache.org/source-code?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "title": "Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:05:24"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "dedd5c8ea5929c5db3e822bec6478940"}, {"key": "href", "hash": "dcf4e073a58afd584ad744bcece1f61e"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "f988dc6e0b4d047c838adcca890ea132"}, {"key": "pluginID", "hash": "e79bb200d83ee7fe727a8bbd41bc5bea"}, {"key": "published", "hash": "4a52d89a13fad6df2ab57be05184be96"}, {"key": "references", "hash": "a115c4dfba8cef9063f21d8ca9db749d"}, {"key": "reporter", "hash": "145968127c05d8ca3af1c7581a8e3a9b"}, {"key": "sourceData", "hash": "bda75eb1c9d2517f7839750f9de5e550"}, {"key": "title", "hash": "9aeccb54d4abbf33c9a15e2e2534314e"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "65f0bbb625feaaea091a60c19f377572f1f6bc6ac987112b89e5b763523141bc", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUBVERSION_DETECTION.NASL"]}], "modified": "2019-11-03T12:17:15"}, "score": {"value": 0.7, "vector": "NONE", "modified": "2019-11-03T12:17:15"}, "vulnersScore": 0.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude( 'compat.inc' );\n\nif(description)\n{\n script_id(12260);\n script_version (\"1.15\");\n script_bugtraq_id(10428);\n\n script_name(english:\"Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow\");\n script_summary(english:\"Subversion Pre-Commit-Hook Vulnerability\");\n\n script_set_attribute(\n attribute:'synopsis',\n value:'The remote service is vulnerable to a buffer overflow.'\n );\n\n script_set_attribute(\n attribute:'description',\n value:'The remote host is reported vulnerable to a remote\noverflow. An attacker, exploiting this hole, would be\ngiven full access to the target machine. Versions of\nSubversion less than 1.0.4 are vulnerable to this attack.'\n );\n\n script_set_attribute(\n attribute:'solution',\n value:'Upgrade to version 1.0.4 or higher'\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(\n attribute:'see_also',\n value:'https://subversion.apache.org/source-code?view=markup'\n );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n script_dependencie(\"subversion_detection.nasl\");\n script_require_ports(\"Services/subversion\");\n exit(0);\n}\n\n\n\n# start check\n\nport = get_kb_item(\"Services/subversion\");\nif ( ! port ) port = 3690;\n\nif (! get_tcp_port_state(port))\n\texit(0);\n\ndat = string(\"( 2 ( edit-pipeline ) 24:svn://host/svn/nessusr0x ) \");\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nsend(socket:soc, data:dat);\nr = recv_line(socket:soc, length:256);\n\nif (! r)\n\texit(0);\n\n#display(r);\n\nif (egrep(string:r, pattern:\".*subversion-1\\.0\\.[0-3][^0-9].*\"))\n{\n\tsecurity_hole(port);\n}\n\nclose(soc);\nexit(0);\n", "naslFamily": "Misc.", "pluginID": "12260", "cpe": [], "scheme": null}

{"nessus": [{"lastseen": "2019-11-23T12:37:55", "bulletinFamily": "scanner", "description": "The remote host is running the Subversion server. Subversion\nis a software product which is similar to CVS in that it manages\nfile revisions and can be accessed across a network by multiple\nclients.", "modified": "2019-11-02T00:00:00", "id": "SUBVERSION_DETECTION.NASL", "href": "https://www.tenable.com/plugins/nessus/12259", "published": "2004-06-08T00:00:00", "title": "Subversion Server Detection", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(12259);\n script_version (\"1.7\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"Subversion Server Detection\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A version control software is installed on the remote host.\" );\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running the Subversion server. Subversion\nis a software product which is similar to CVS in that it manages\nfile revisions and can be accessed across a network by multiple\nclients.\" );\n\n script_set_attribute(attribute:\"see_also\", value:\"http://subversion.tigris.org\" );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"If this server is not needed, disable it or filter incoming traffic\nto this port.\");\n\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/06/08\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n script_summary(english:\"Subversion Detection\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Service detection\");\n script_dependencie(\"find_service2.nasl\");\n script_require_ports(3690,\"Services/unknown\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (thorough_tests &&\n ! get_kb_item(\"global_settings/disable_service_discovery\")\n)\n{\n port = get_unknown_svc(3690);\n if (!port) exit(0);\n if (!silent_service(port)) exit(0);\n}\nelse \n{\n port = get_kb_item(\"Services/subversion\");\n if ( ! port ) port = 3690;\n}\n\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n# start check\n\nsoc = open_sock_tcp(port);\nif (!soc)\n exit(0);\n\nr = recv_line(socket:soc, length:1024);\n\nif (! r)\n\texit(0);\n\nif ((\"success ( 1 2\" >< r) || \n (\"success ( 2 2\" >< r))\n\tsecurity_note(port);\n\nclose(soc);\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}

Subversion &lt; 1.0.4 Pre-Commit-Hook Remote Overflow

Description

The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack.

Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow