Subversion (SVN) partial access Privilege Remote Information Disclosure

2007-05-22T00:00:00
ID OSVDB:36070
Type osvdb
Reporter OSVDB
Modified 2007-05-22T00:00:00

Description

Vulnerability Description

Subversion (SVN) contains a flaw that may allow a remote attacker to gain access to sensitive information. The issue is due to the "partial access" privilege not being implemented correctly. This allows remote authenticated users to obtain sensitive information such as revision properties via the "svn propget", "svn proplist" and "svn propedit" commands.

Solution Description

Upgrade to version 1.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt
Security Tracker: 1018237
FrSIRT Advisory: ADV-2007-2230
CVE-2007-2448
Bugtraq ID: 24463