WebSVN: Multiple vulnerabilities

WebSVN: Multiple vulnerabilities Multiple vulnerabilities in WebSVN allow for file overwrite and information disclosure. websvn 2009-03-09 2009-03-09 243852 remote 2.1.0 2.1.0

WebSVN is a web-based browsing tool for Subversion repositories written in PHP.

James Bercegay of GulfTech Security reported a Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl() function in index.php (CVE-2008-5918) and a directory traversal vulnerability in rss.php when magic_quotes_gpc is disabled (CVE-2008-5919).
Bas van Schaik reported that listing.php does not properly enforce access restrictions when using an SVN authz file to authenticate users (CVE-2009-0240).

A remote attacker can exploit these vulnerabilities to overwrite arbitrary files, to read changelogs or diffs for restricted projects and to hijack a user's session.

There is no known workaround at this time.

All WebSVN users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0"

CVE-2008-5918 CVE-2008-5919 CVE-2009-0240 rbu rbu rbu