Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - subversion: malicious SVN clients can crash mod_dav_svn (CVE-2018-11803)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

An update of the subversion package has been released.

According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Subversion's mod_dav_svn Apache HTTPD module versions     1.11.0 and 1.10.0 to 1.10.3 will crash after     dereferencing an uninitialized pointer if the client     omits the root path in a recursive directory listing     operation.(CVE-2018-11803)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The installed version of Subversion Server is 1.10.x prior to 1.10.4 or 1.11.x prior to 1.11.1 and is, therefore, affected by a denial of service (DoS) vulnerability. A flaw exists in the implementation of mod_dav_svn due to failing to validate the root path of the directory listing provided by the client. An unauthenticated, remote attacker can exploit this issue, to cause the process to stop responding.

The remote host is affected by the vulnerability described in GLSA-201904-08 (Subversion: Denial of service)

    A vulnerability was discovered in Subversion&rsquo;s mod_dav_svn, that could       lead to a Denial of Service Condition.
  Impact :

    An attacker could cause a possible enial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update for subversion fixes the following issues :

Security issue fixed :

  - CVE-2018-11803: Fixed a vulnerability that allowed     malicious SVN clients to trigger a crash in mod_dav_svn     by omitting the root path from a recursive directory     listing request (bsc#1122842)

This update was imported from the SUSE:SLE-15:Update update project.

This update for subversion fixes the following issues :

Security issue fixed :

CVE-2018-11803: Fixed a vulnerability that allowed malicious SVN clients to trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request (bsc#1122842)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Subversion project reports :

Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request.

ID	Name	Product	Family	Severity
199145	RHEL 8 : subversion (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
130104	Photon OS 3.0: Subversion PHSA-2019-3.0-0035	Nessus	PhotonOS Local Security Checks	high
127026	EulerOS 2.0 SP8 : subversion (EulerOS-SA-2019-1789)	Nessus	Huawei Local Security Checks	high
125387	Apache Subversion 1.10.x < 1.10.4 / 1.11.x < 1.11.1 mod_dav_svn DoS	Nessus	Windows	high
123582	GLSA-201904-08 : Subversion: Denial of service	Nessus	Gentoo Local Security Checks	high
122089	openSUSE Security Update : subversion (openSUSE-2019-153)	Nessus	SuSE Local Security Checks	high
121465	SUSE SLED15 / SLES15 Security Update : subversion (SUSE-SU-2019:0195-1)	Nessus	SuSE Local Security Checks	high
121382	Ubuntu 18.10 : Subversion vulnerability (USN-3869-1)	Nessus	Ubuntu Local Security Checks	high
121335	FreeBSD : www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn. (4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2018-11803

high

Tenable Plugins

high

high

high

high

high

high

high

high

high