Subversion < 1.0.3 apr_time_t data Conversion Remote Overflow

high Nessus Plugin ID 12261

Language:

Synopsis

The remote service is vulnerable to a buffer overflow.

Description

The remote host is vulnerable to a remote stack-based overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.3 are vulnerable to this attack.
This vulnerability was discovered by Stefan Esser and posted to public mailing lists.

Solution

Upgrade to version 1.0.3 or higher

See Also

https://seclists.org/bugtraq/2004/May/216

http://subversion.tigris.org/svn-sscanf-advisory.txt

Plugin Details

Severity: High

ID: 12261

File Name: subversion_1_0_4.nasl

Version: 1.19

Type: remote

Family: Misc.

Published: 6/8/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/19/2004

Exploitable With

CANVAS (CANVAS)

Metasploit (Subversion Date Svnserve)

Reference Information

CVE: CVE-2004-0397

BID: 10386