FreeBSD : subversion -- multiple DoS (71612099-1e93-11e0-a587-001b77d09812)

medium Nessus Plugin ID 51520

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Entry for CVE-2010-4539 says:

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.

Entry for CVE-2010-4644 says:

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?d3afdeb4

Plugin Details

Severity: Medium

ID: 51520

File Name: freebsd_pkg_716120991e9311e0a587001b77d09812.nasl

Version: 1.10

Type: local

Published: 1/14/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:subversion, p-cpe:/a:freebsd:freebsd:subversion-freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 1/13/2011

Vulnerability Publication Date: 1/2/2011

Reference Information

CVE: CVE-2010-4539, CVE-2010-4644

BID: 45655