Subversion (SVN) apr_time_t data Conversion Remote Overflow

2004-05-19T00:00:00
ID OSVDB:6301
Type osvdb
Reporter Stefan Esser (sesser@hardened-php.net)
Modified 2004-05-19T00:00:00

Description

Vulnerability Description

A remote overflow exists in Subversion. Subversion fails to check buffer boundaries when calling sscanf() to decode old-style date strings. By sending a specially crafted request via a DAV2 REPORT query or the get-dated-rev svn-protocol command, a remote attacker can cause a buffer overflow and execute arbitrary code, resulting in a loss of integrity.
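The kind of bounds check the description says is missing, shown as an added example (this is not Subversion's code and not part of the advisory). The date layout, the struct and the function name parse_old_date() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record for an old-style date such as
   "Sun 23 Jun 2002 11:13:02" (layout assumed for this example). */
struct old_date {
    char wday[4];   /* 3 letters + NUL */
    char month[4];  /* 3 letters + NUL */
    int mday, year, hour, min, sec;
};

/* Returns 0 on success, -1 if the input does not match the layout exactly.
   An unbounded "%s" would copy a token of any length into the 4-byte
   arrays; "%3s" caps each copy at 3 bytes plus the terminating NUL.
   Width limits on the integers also keep sscanf() from overflowing int. */
int parse_old_date(const char *s, struct old_date *out)
{
    struct old_date d;
    int consumed = 0;
    int n;

    memset(&d, 0, sizeof d);
    n = sscanf(s, "%3s %2d %3s %4d %2d:%2d:%2d%n",
               d.wday, &d.mday, d.month, &d.year,
               &d.hour, &d.min, &d.sec, &consumed);

    /* All seven fields must convert and nothing may follow them. */
    if (n != 7 || s[consumed] != '\0')
        return -1;
    if (strlen(d.wday) != 3 || strlen(d.month) != 3)
        return -1;
    if (d.mday < 1 || d.mday > 31 || d.year < 0 ||
        d.hour < 0 || d.hour > 23 || d.min < 0 || d.min > 59 ||
        d.sec < 0 || d.sec > 59)
        return -1;

    *out = d;
    return 0;
}

int main(void)
{
    struct old_date d;
    /* Constructed inputs: one well-formed, one with an over-long first token. */
    printf("%d\n", parse_old_date("Sun 23 Jun 2002 11:13:02", &d));
    printf("%d\n", parse_old_date("SunAAAAAAAAAAAAAAAA 23 Jun 2002 11:13:02", &d));
    return 0;
}
```

An over-long token is rejected rather than truncated silently, because the characters left over after the width-limited read fail the next conversion.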

Solution Description

Upgrade to version 1.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://subversion.tigris.org/
Vendor Specific Advisory URL
Secunia Advisory ID: 11642
Secunia Advisory ID: 11675
Secunia Advisory ID: 11659
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml
Nessus Plugin ID: 13703
Nessus Plugin ID: 13702
Nessus Plugin ID: 12618
Generic Informational URL: http://security.e-matters.de/advisories/082004.html
CVE-2004-0397