| VID | 23075 |
| Severity | 40 |
| Port | 3690 |
| Protocol | TCP |
| Class | Subversion |
| Detailed Description | According to its version number, the Subversion server has a pre-commit-hook template vulnerability. Subversion is a concurrent version control system for most Linux and Unix-based operating systems. Subversion versions 1.0.3 and earlier are vulnerable to a buffer overflow caused by an insecure implementation of the pre-commit-hook template. By exploiting this flaw, a remote attacker could overflow a buffer and crash the service or possibly execute arbitrary code on the system with the privileges of the affected Subversion server.
* Note: This check relies solely on the version number reported by the remote Subversion server, so this finding might be a false positive.
* Platforms Affected: CollabNet, Inc. Subversion 1.0.3 and earlier; Linux (any version); Unix (any version) |
| Recommendation | Upgrade to the latest version of Subversion (1.0.4 or later), available from the Subversion Web site at http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=260 |
| Related URL | (CVE) |
| Related URL | 10428 (SecurityFocus) |
| Related URL | (ISS) |