You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
2.7 KiB
74 lines
2.7 KiB
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200405-14">
|
|
<title>Buffer overflow in Subversion</title>
|
|
<synopsis>
|
|
There is a vulnerability in the Subversion date parsing code which may lead
|
|
to denial of service attacks, or execution of arbitrary code. Both the
|
|
client and server are vulnerable.
|
|
</synopsis>
|
|
<product type="ebuild">subversion</product>
|
|
<announced>2004-05-20</announced>
|
|
<revised count="02">2006-05-22</revised>
|
|
<bug>51462</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
<package name="dev-util/subversion" auto="yes" arch="*">
|
|
<unaffected range="ge">1.0.3</unaffected>
|
|
<vulnerable range="le">1.0.2</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
Subversion is a version control system intended to eventually replace
|
|
CVS. Like CVS, it has an optional client-server architecture (where the
|
|
server can be an Apache server running mod_svn, or an ssh program as in
|
|
CVS's :ext: method). In addition to supporting the features found in
|
|
CVS, Subversion also provides support for moving and copying files and
|
|
directories.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
All releases of Subversion prior to 1.0.3 have a vulnerability in the
|
|
date-parsing code. This vulnerability may allow denial of service or
|
|
arbitrary code execution as the Subversion user. Both the client and
|
|
server are vulnerable, and write access is NOT required to the server's
|
|
repository.
|
|
</p>
|
|
</description>
|
|
<impact type="normal">
|
|
<p>
|
|
All servers and clients are vulnerable. Specifically, clients that
|
|
allow other users to write to administrative files in a working copy
|
|
may be exploited. Additionally all servers (whether they are httpd/DAV
|
|
or svnserve) are vulnerable. Write access to the server is not
|
|
required; public read-only Subversion servers are also exploitable.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no known workaround at this time. All users are encouraged to
|
|
upgrade to the latest available version.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All Subversion users should upgrade to the latest stable version:
|
|
</p>
|
|
<code>
|
|
# emerge sync
|
|
|
|
# emerge -pv ">=dev-util/subversion-1.0.3"
|
|
# emerge ">=dev-util/subversion-1.0.3"</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125">Subversion Announcement</uri>
|
|
<uri link="http://security.e-matters.de/advisories/082004.html">E-Matters Advisory</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397">CVE-2004-0397</uri>
|
|
</references>
|
|
<metadata tag="submitter">
|
|
condordes
|
|
</metadata>
|
|
</glsa>
|