Subversion < 1.0.5 svnserver svn:// Protocol Handler Remote Overflow

critical Nessus Plugin ID 12284

Synopsis

The remote host has an application that is affected by a heap overflow vulnerability.

Description

A remote overflow exists in Subversion. svnserver fails to validate svn:// requests, resulting in a heap overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.

Solution

Upgrade to version 1.0.5 or newer.

Plugin Details

Severity: Critical

ID: 12284

File Name: subversion_1_0_5.nasl

Version: 1.13

Type: remote

Family: Misc.

Published: 6/22/2004

Updated: 7/30/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/12/2004

Reference Information

CVE: CVE-2004-0413

BID: 10519

GLSA: GLSA 200406-07

SuSE: SUSE-SA:2004:018