Subversion 1.4.x - 1.7.12 / 1.8.x < 1.8.3 Multiple Symlink File Overwrite Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple symlink
overwrite vulnerabilities.

Description :

The version of Subversion Server installed on the remote host is prior
to version 1.8.3. It is, therefore, affected by multiple
symlink file overwrite vulnerabilities :

- An error exists in the function 'handle_options' in the
file 'svnwcsub.py' that could allow a local attacker to
use a symlink attack to overwrite arbitrary files. Note
this issue only affects the 1.8.x branch.
(CVE-2013-4262)

- An error exists in the function 'write_pid_file' that
could allow a local attacker to use a symlink attack to
overwrite arbitrary files. (CVE-2013-4277)
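
The symlink overwrite pattern named above for 'write_pid_file', shown as an added example that is not Subversion's code or its vendor patch: a PID-file writer that follows symlinks beside one that refuses them. The function bodies, temporary paths and PID value are constructed for illustration, and a POSIX host is assumed.

```python
import os
import tempfile


def write_pid_file_naive(path, pid):
    """Hypothetical weak form: open() follows a symlink at `path` and
    truncates whatever file the link resolves to."""
    with open(path, "w") as f:
        f.write("%d\n" % pid)


def write_pid_file_safe(path, pid):
    """Hypothetical hardened form: create the file atomically or fail."""
    # O_EXCL with O_CREAT fails if anything already exists at `path`,
    # including a symlink (dangling or not). O_NOFOLLOW additionally
    # refuses to open through a symlink in the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write("%d\n" % pid)


def demo():
    """Plant a symlink where the daemon expects its PID file (constructed
    scenario inside a private temp dir) and compare both writers."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "important.conf")   # file to protect
        pidfile = os.path.join(d, "daemon.pid")      # predictable PID path
        with open(target, "w") as f:
            f.write("original\n")
        os.symlink(target, pidfile)

        try:
            write_pid_file_safe(pidfile, 4242)
            results["safe_refused"] = False
        except OSError:                              # EEXIST or ELOOP
            results["safe_refused"] = True
        with open(target) as f:
            results["after_safe"] = f.read()

        write_pid_file_naive(pidfile, 4242)          # writes through the link
        with open(target) as f:
            results["after_naive"] = f.read()
    return results


if __name__ == "__main__":
    print(demo())
```

Keeping the PID file in a directory that only the service account can write to removes the precondition entirely, since no other local user can plant the link.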

See also :

https://subversion.apache.org/security/CVE-2013-4262-advisory.txt
https://subversion.apache.org/security/CVE-2013-4277-advisory.txt

Solution :

Upgrade to Subversion Server 1.7.13 / 1.8.3 or later or apply the
vendor patches or workarounds.

Risk factor :

Low / CVSS Base Score : 3.2
(CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:P)
CVSS Temporal Score : 2.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 71568

Bugtraq ID: 62266, 68965

CVE ID: CVE-2013-4262, CVE-2013-4277