Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:1361412562310831415HistoryJun 06, 2011 - 12:00 a.m.
Mandriva Update for subversion MDVSA-2011:106 (subversion)
2011-06-0600:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
6
6.6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
80.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.mandriva.com/security-announce/2011-06/msg00002.php");
script_oid("1.3.6.1.4.1.25623.1.0.831415");
script_version("2023-07-14T16:09:26+0000");
script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"creation_date", value:"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name:"MDVSA", value:"2011:106");
script_cve_id("CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921");
script_name("Mandriva Update for subversion MDVSA-2011:106 (subversion)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'subversion'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release", re:"ssh/login/release=MNDK_(mes5|2010\.1|2009\.0)");
script_tag(name:"affected", value:"subversion on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64");
script_tag(name:"insight", value:"Multiple vulnerabilities were discovered and corrected in subversion:
The mod_dav_svn Apache HTTPD server module will dereference a NULL
pointer if asked to deliver baselined WebDAV resources which can lead
to a DoS (Denial Of Service) (CVE-2011-1752).
The mod_dav_svn Apache HTTPD server module may in certain scenarios
enter a logic loop which does not exit and which allocates emory in
each iteration, ultimately exhausting all the available emory on the
server which can lead to a DoS (Denial Of Service) (CVE-2011-1783).
The mod_dav_svn Apache HTTPD server module may leak to remote users
the file contents of files configured to be unreadable by those users
(CVE-2011-1921).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been upgraded to the 1.6.17 version which
is not vulnerable to these issues.");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://store.mandriva.com/product_info.php?cPath=149&products_id=490");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "MNDK_mes5")
{
if ((res = isrpmvuln(pkg:"apache-mod_dav_svn", rpm:"apache-mod_dav_svn~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dontdothat", rpm:"apache-mod_dontdothat~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvn0", rpm:"libsvn0~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvnjavahl1", rpm:"libsvnjavahl1~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"perl-SVN", rpm:"perl-SVN~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-svn", rpm:"python-svn~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"ruby-svn", rpm:"ruby-svn~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion", rpm:"subversion~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-devel", rpm:"subversion-devel~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-doc", rpm:"subversion-doc~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-server", rpm:"subversion-server~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-tools", rpm:"subversion-tools~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"svn-javahl", rpm:"svn-javahl~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svn0", rpm:"lib64svn0~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svnjavahl1", rpm:"lib64svnjavahl1~1.6.17~0.1mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"apache-mod_dav_svn", rpm:"apache-mod_dav_svn~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dontdothat", rpm:"apache-mod_dontdothat~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvn0", rpm:"libsvn0~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvn-gnome-keyring0", rpm:"libsvn-gnome-keyring0~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvnjavahl1", rpm:"libsvnjavahl1~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvn-kwallet0", rpm:"libsvn-kwallet0~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"perl-SVN", rpm:"perl-SVN~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-svn", rpm:"python-svn~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"ruby-svn", rpm:"ruby-svn~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion", rpm:"subversion~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-devel", rpm:"subversion-devel~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-doc", rpm:"subversion-doc~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-server", rpm:"subversion-server~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-tools", rpm:"subversion-tools~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"svn-javahl", rpm:"svn-javahl~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svn0", rpm:"lib64svn0~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svn-gnome-keyring0", rpm:"lib64svn-gnome-keyring0~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svnjavahl1", rpm:"lib64svnjavahl1~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svn-kwallet0", rpm:"lib64svn-kwallet0~1.6.17~0.1mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_2009.0")
{
if ((res = isrpmvuln(pkg:"apache-mod_dav_svn", rpm:"apache-mod_dav_svn~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dontdothat", rpm:"apache-mod_dontdothat~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvn0", rpm:"libsvn0~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libsvnjavahl1", rpm:"libsvnjavahl1~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"perl-SVN", rpm:"perl-SVN~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"python-svn", rpm:"python-svn~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"ruby-svn", rpm:"ruby-svn~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion", rpm:"subversion~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-devel", rpm:"subversion-devel~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-doc", rpm:"subversion-doc~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-server", rpm:"subversion-server~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"subversion-tools", rpm:"subversion-tools~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"svn-javahl", rpm:"svn-javahl~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svn0", rpm:"lib64svn0~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64svnjavahl1", rpm:"lib64svnjavahl1~1.6.17~0.1mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
nessus
nessus
Fedora 15 : subversion-1.6.17-1.fc15 (2011-8352)
2011-06-24 00:00:00
openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0695-1)
2014-06-13 00:00:00
CentOS 5 : subversion (CESA-2011:0862)
2011-06-09 00:00:00
debian
debian
[BSA-037] Security Update for subversion
2011-07-14 00:02:42
[SECURITY] [DSA 2251-1] subversion security update
2011-06-02 09:48:52
openvas
openvas
FreeBSD Ports: subversion
2011-08-03 00:00:00
Mandriva Update for subversion MDVSA-2011:106 (subversion)
2011-06-06 00:00:00
CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
subversion security update
2011-06-08 00:00:00
subversion security update
2011-06-08 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2251-1] subversion security update
2011-06-02 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-06-02 00:00:00
Apple OS X multiple security vulnerabilities
2012-02-03 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2011-06-06 00:00:00
osv
osv
subversion - several
2011-06-02 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: subversion-1.6.17-1.fc15
2011-06-24 03:49:12
[SECURITY] Fedora 14 Update: subversion-1.6.17-1.fc14
2011-07-01 19:03:07
freebsd
freebsd
Subversion -- multiple vulnerabilities
2011-05-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package subversion version 1.6.17-alt1
2011-07-20 00:00:00
centos
centos
mod_dav_svn, subversion security update
2011-06-08 22:32:53
mod_dav_svn, subversion security update
2011-08-14 21:21:35
suse
suse
subversion: security udpate (important)
2011-06-24 21:08:24
subversion (important)
2011-06-24 20:08:19
subversion security udpate (important)
2011-06-24 21:08:19
redhat
redhat
(RHSA-2011:0862) Moderate: subversion security update
2011-06-08 00:00:00
(RHSA-2011:0861) Moderate: subversion security update
2011-06-08 00:00:00
seebug
seebug
Subversion "mod_dav_svn"ε€δΈͺζη»ζε‘εδΏ‘ζ―ζ³ι²ζΌζ΄
2011-07-07 00:00:00
Subversion 'mod_dav_svn'ζη»ζε‘εδΏ‘ζ―ζ³ι²ζΌζ΄
2011-06-04 00:00:00
cve
cve
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:01:55
Information Disclosure
2020-04-10 01:01:55
Denial Of Service (DoS)
2020-04-10 01:01:55
debiancve
debiancve
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2011-06-06 19:55:00
Design/Logic Flaw
2011-06-06 19:55:00
Null pointer dereference
2011-06-06 19:55:00
gentoo
gentoo
Subversion: Multiple vulnerabilities
2013-09-23 00:00:00
6.6 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
80.4%
Related for OPENVAS:1361412562310831415