VID 23076
Severity 40
Port 3690
Protocol TCP
Class Subversion
Detailed Description The Subversion server, according to its version number, has a heap overflow vulnerability in its handling of the svn protocol.
Subversion is a concurrent version control system for most Linux and Unix-based operating systems. Subversion versions 1.0.4 and earlier are vulnerable to a heap overflow in the processing of the svn protocol. The svn protocol parser trusts the length that a client indicates for a URI string. A client can therefore specify a very long string, causing svnserve to allocate enough memory to hold that string, which may cause a denial of service. Alternatively, given a string that causes an integer overflow in the variable holding the string length, the server might allocate less memory than required, allowing a heap overflow.
By sending a specially crafted svn packet, a remote unauthenticated attacker could overflow a buffer and crash the service or possibly execute arbitrary code on the system with the privileges of the affected Subversion server.
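
The two failure modes described above (an unbounded allocation and a wrapped length) both come from using a client-declared length before validating it. The following is an added example of a defensive parser, not Subversion's code; the simplified `<length>:<bytes>` layout, the `MAX_STR_LEN` cap and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STR_LEN 4096u  /* assumed policy cap, not a Subversion constant */

enum parse_status { PARSE_OK, PARSE_MALFORMED, PARSE_TOO_LONG,
                    PARSE_TRUNCATED, PARSE_NOMEM };

/* Parse "<decimal-length>:<bytes>" from buf[0..buflen). On success *out is a
 * NUL-terminated heap copy that the caller frees, and *outlen is its length.
 * Hypothetical helper: the name and format are illustrative only. */
enum parse_status parse_counted_string(const char *buf, size_t buflen,
                                       char **out, size_t *outlen)
{
    size_t i = 0, len = 0;
    *out = NULL; *outlen = 0;

    /* Accumulate digits, rejecting as soon as the declared length would
     * exceed the cap, so `len` can never wrap around. */
    while (i < buflen && buf[i] >= '0' && buf[i] <= '9') {
        size_t digit = (size_t)(buf[i] - '0');
        if (len > (MAX_STR_LEN - digit) / 10)
            return PARSE_TOO_LONG;
        len = len * 10 + digit;
        i++;
    }
    if (i == 0 || i >= buflen || buf[i] != ':')
        return PARSE_MALFORMED;
    i++;

    /* The declared length must be backed by bytes actually received. */
    if (len > buflen - i)
        return PARSE_TRUNCATED;

    /* len <= MAX_STR_LEN, so len + 1 cannot overflow size_t. */
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return PARSE_NOMEM;
    memcpy(copy, buf + i, len);
    copy[len] = '\0';
    *out = copy;
    *outlen = len;
    return PARSE_OK;
}
```

Checking the cap before the multiply-and-add, and comparing the declared length against the bytes already received, means no allocation or copy is sized from an unvalidated value.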

* Note: This check relies solely on the version number of the remote Subversion server to assess this vulnerability, so the result might be a false positive.

* References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0294.html
http://www.securitytracker.com/alerts/2004/Jun/1010469.html

* Platforms Affected:
CollabNet, Inc., Subversion 1.0.4 and earlier
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Subversion (1.0.5 or later), available from the Subversion Web site at http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=260
Related URL CVE-2004-0413 (CVE)
Related URL (SecurityFocus)
Related URL 16396 (ISS)