Subversion < 1.0.3 apr_time_t data Conversion Remote Overflow

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to a buffer overflow.

Description :

The remote host is vulnerable to a remote stack-based
buffer overflow. An attacker who exploits this flaw would
gain full access to the target machine. Versions of
Subversion earlier than 1.0.3 are vulnerable to this attack.
This vulnerability was discovered by Stefan Esser and posted
to public mailing lists.

See also :

http://archives.neohapsis.com/archives/bugtraq/2004-05/0203.html
http://subversion.tigris.org/svn-sscanf-advisory.txt

Solution :

Upgrade to Subversion 1.0.3 or higher.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 12261

Bugtraq ID: 10386

CVE ID: CVE-2004-0397