Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Apache Subversion < 1.6.4 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflows

🗓️ 19 Aug 2009 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 30 Views

Apache Subversion 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflow

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		TortoiseSVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows
25 Aug 200900:00
nessus
Tenable Nessus		SVN < 1.5.6 / 1.6.0-1.6.3 Multiple Integer Overflows (deprecated)
25 Aug 200900:00
nessus
Tenable Nessus		Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities
10 Nov 200900:00
nessus
Tenable Nessus		Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities
10 Nov 200900:00
nessus
Tenable Nessus		CentOS 5 : subversion (CESA-2009:1203)
6 Jan 201000:00
nessus
Tenable Nessus		Debian DSA-1855-1 : subversion - heap overflow
24 Feb 201000:00
nessus
Tenable Nessus		Fedora 10 : subversion-1.6.4-2.fc10 (2009-8432)
11 Aug 200900:00
nessus
Tenable Nessus		Fedora 11 : subversion-1.6.4-2.fc11 (2009-8449)
11 Aug 200900:00
nessus
Tenable Nessus		FreeBSD : subversion -- heap overflow vulnerability (bce1f76d-82d0-11de-88ea-001a4d49522b)
7 Aug 200900:00
nessus
Tenable Nessus		GLSA-200908-05 : Subversion: Remote execution of arbitrary code
20 Aug 200900:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(40620);
  script_version("1.10");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2009-2411");
  script_bugtraq_id(35983);
  script_xref(name:"Secunia", value:"36184");

  script_name(english:"Apache Subversion < 1.6.4 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflows");
  script_summary(english:"Checks Subversion Client/Server version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by multiple heap
overflow issues.");
  script_set_attribute(attribute:"description", value:
"The installed version of Subversion Client or Server is affected by
multiple heap overflow issues.

Specifically, the 'libsvn_delta' library fails to perform sufficient
boundary checks before processing certain svndiff streams. An attacker
with commit access to a vulnerable Subversion server can exploit this
vulnerability from a Subversion client to trigger a heap overflow on
the server. Typically such an attack would result in a denial of
service condition or arbitrary code execution on the remote server.

An attacker can also trigger this issue from a rogue Subversion server
on a Subversion client in response to a checkout or update request.");
  script_set_attribute(attribute:"see_also", value:"https://svn.haxx.se/dev/archive-2009-08/0107.shtml");
  script_set_attribute(attribute:"see_also", value:"https://svn.haxx.se/dev/archive-2009-08/0108.shtml" );
  script_set_attribute(attribute:"see_also", value:"http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Subversion Client/Server 1.6.4 or later.

If using Subversion Client/Server 1.5.x, make sure you are using
version CollabNet binaries 1.5.7 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(189);


  script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("subversion_installed.nasl");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

c_installed = get_install_count(app_name:'Subversion Client');
s_installed = get_install_count(app_name:'Subversion Server');

if ( c_installed == 0 && s_installed == 0 ) audit(AUDIT_NOT_INST, 'Subversion Client/Server');

port = get_kb_item("SMB/transport");
if (!port) port = 445;

# Check each client install.
if (c_installed > 0)
{
  c_report = '';

  c_installs = get_installs(app_name:'Subversion Client');

  foreach c_install (c_installs[1])
  {
    path =     c_install['path'];
    version =  c_install['version'];
    provider = c_install['Packaged with'];

    if ( !isnull(provider) && !isnull(version) )
    {
      if(
        ver_compare(ver:version, fix:'1.5.7', strict:FALSE) == -1 ||
        # Only CollabNet provides updated 1.5.7 binaries
        (ver_compare(ver:version, fix:'1.5.7', strict:FALSE) == 0 && "CollabNet" >!< provider) ||
        (ver_compare(ver:version, fix:'1.6.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:'1.6.4', strict:FALSE) == -1)
      )
        c_report += '\n' +
                    '\n  Version       : ' + version +
                    '\n  Packaged with : ' + provider +
                    '\n  Path          : ' + path +
                    '\n';
    }
  }
}

# Check each Server install.

if (s_installed > 0)
{
  s_report = '';

  s_installs = get_installs(app_name:'Subversion Server');

  foreach s_install (s_installs[1])
  {
    path =     s_install['path'];
    version =  s_install['version'];
    provider = s_install['Packaged with'];

    if ( !isnull(provider) && !isnull(version) )
    {
      if (
        ver_compare(ver:version, fix:'1.5.7', strict:FALSE) == -1 ||
        # Only CollabNet provides updated 1.5.7 binaries
        (ver_compare(ver:version, fix:'1.5.7', strict:FALSE) == 0 && "CollabNet" >!< provider) ||
        (ver_compare(ver:version, fix:'1.6.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:'1.6.4', strict:FALSE) == -1)
      )
        s_report += '\n' +
                    '\n  Version       : ' + version +
                    '\n  Packaged with : ' + provider +
                    '\n  Path          : ' + path +
                    '\n';
    }
  }
}

# Report if any were found to be vulnerable.

if (c_report || s_report)
{
  if (report_verbosity > 0)
  {
    report = '\n';
    if (!empty_or_null(c_report)) report += '--- Subversion Client ---' + c_report;
    if (!empty_or_null(s_report)) report += '--- Subversion Server ---' + s_report;
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'Subversion Client/Server');

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Nov 2018 20:50Current
8.6High risk
Vulners AI Score8.6
CVSS 28.5
EPSS0.06173
apache subversionlibsvn_deltabinary deltaheap overflowdenial of servicearbitrary code executionremote serversubversion clientsubversion server
30