GLSA-200407-20 : Subversion: Vulnerability in mod_authz_svn

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200407-20
(Subversion: Vulnerability in mod_authz_svn)

Users with write access to part of a Subversion repository may bypass
read restrictions on any part of that repository. This can be done
using an 'svn copy' command to copy the portion of a repository the
user wishes to read into an area where they have write access.
Since copies are versioned, any such copy attempts will be readily

Impact :

This is a low-risk vulnerability. It affects only users of Subversion
who are running servers inside Apache and using mod_authz_svn.
Additionally, this vulnerability may be exploited only by users with
write access to some portion of a repository.

Workaround :

Keep sensitive content separated into different Subversion
repositories, or disable the Apache Subversion server and use svnserve

See also :

Solution :

All Subversion users should upgrade to the latest available version:
# emerge sync
# emerge -pv '>=dev-util/subversion-1.0.6'
# emerve '>=dev-util/subversion-1.0.6'

Risk factor :

Low / CVSS Base Score : 2.1

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14553 (gentoo_GLSA-200407-20.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1438