This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
subversion team reports :
A Subversion client sometimes connects to URLs provided by the
repository. This happens in two primary cases: during 'checkout',
'export', 'update', and 'switch', when the tree being downloaded
contains svn:externals properties; and when using 'svnsync sync' with
one URL argument.
A maliciously constructed svn+ssh:// URL would cause Subversion
clients to run an arbitrary shell command. Such a URL could be
generated by a malicious server, by a malicious user committing to a
honest server (to attack another user of that server's repositories),
or by a proxy server.
The vulnerability affects all clients, including those that use
file://, http://, and plain (untunneled) svn://.
An exploit has been tested.
See also :
Update the affected packages.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now