VID 23074
Severity 40
Port 3690
Protocol TCP
Class Subversion
Detailed Description The Subversion server, according to its version number, has a buffer overflow vulnerability in the date parsing function.
Subversion is a concurrent version control system for most Linux and Unix-based operating systems. Subversion versions 1.0.2 and earlier are vulnerable to a stack-based buffer overflow, caused by a flaw in the date parsing functions of the application. Specifically, Subversion calls the sscanf() function when converting data strings to different formats. As a result, user-supplied data is copied into an unspecified buffer without the application performing proper boundary checks.
By sending a specially crafted request via a DAV2 REPORT query or a get-dated-rev svn-protocol command, a remote attacker could overflow a buffer and crash the service or possibly execute arbitrary code on the system with the privileges of the affected Subversion server.
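
The unbounded sscanf() copy described above can be avoided by giving every string conversion a field width and rejecting input that does not fit. The following is an added illustration, not Subversion's code: the struct, the function name parse_date_bounded and the "DD Mon YYYY +ZZZZ" format are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record for this illustration; not a Subversion type. */
struct parsed_date {
    int day, year;
    char month[4];  /* three letters + NUL */
    char tz[6];     /* e.g. "+0000" + NUL */
};

/* Unsafe pattern (shown only as a comment):
 *     sscanf(s, "%d %s %d %s", &day, month, &year, tz);
 * A bare %s copies until whitespace, whatever the destination size. */

/* Assumed format: "DD Mon YYYY +ZZZZ". Returns 0 on success, -1 otherwise. */
int parse_date_bounded(const char *s, struct parsed_date *out)
{
    int used = 0;

    if (s == NULL || out == NULL || strlen(s) > 32)
        return -1;
    memset(out, 0, sizeof *out);

    /* Each %Ns width is sizeof(buffer) - 1, leaving room for the NUL.
     * %n records how many input bytes were consumed. */
    if (sscanf(s, "%2d %3s %4d %5s%n",
               &out->day, out->month, &out->year, out->tz, &used) != 4)
        return -1;
    if (s[used] != '\0')   /* leftover bytes: a field exceeded its width */
        return -1;
    if (out->day < 1 || out->day > 31 || out->year < 1)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "12 May 2004 +0000",
        "12 Mayyyyyy 2004 +0000",
        "12 May 2004 +0000000000",
    };
    struct parsed_date d;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s -> %d\n", samples[i], parse_date_bounded(samples[i], &d));
    return 0;
}
```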

* Note: This check relies solely on the version number of the remote Subversion server to assess this vulnerability, so the result might be a false positive.

* References:
http://osvdb.org/displayvuln.php?osvdb_id=6301
http://subversion.tigris.org/svn-sscanf-advisory.txt
http://security.e-matters.de/advisories/082004.html
http://www.gentoo.org/security/en/glsa/glsa-200405-14.xml

* Platforms Affected:
CollabNet, Inc., Subversion 1.0.2 and earlier
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Subversion (1.0.3 or later), available from the Subversion Web site at http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=260
Related URL CVE-2004-0397 (CVE)
Related URL 10386 (SecurityFocus)
Related URL (ISS)