| VID | 23083 |
| Severity | 20 |
| Port | 3690 |
| Protocol | TCP |
| Class | Subversion |
| Detailed Description | The Subversion server, according to its version number, has an arbitrary repository access vulnerability. Subversion is a concurrent version control system for most Linux and Unix-based operating systems. Subversion versions 1.0.5 and earlier could be vulnerable to this flaw, which affects only Subversion users who run servers inside Apache and use the mod_authz_svn module. Users with write access to part of a Subversion repository may bypass read restrictions on any part of that repository. This can be done by using an "svn copy" command to copy the portion of the repository the user wishes to read into an area where they have write access.
* Note: This check relies solely on the version number of the remote Subversion server to assess this vulnerability, so the finding might be a false positive.
* References: http://www.osvdb.org/displayvuln.php?osvdb_id=8239
* Platforms Affected: CollabNet, Inc. Subversion 1.0.5 and earlier; Linux, any version; Unix, any version |
| Recommendation | Upgrade to the latest version of Subversion (1.0.6 or later), available from the Subversion Web site at http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=260
For Gentoo Linux: Upgrade to the latest version of subversion (1.0.6 or later), as listed in Gentoo Linux Security Advisory GLSA 200407-20 at http://security.gentoo.org/glsa/glsa-200407-20.xml
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2004-1438 (CVE) |
| Related URL | 10800 (SecurityFocus) |
| Related URL | 16803 (ISS) |