GLSA-200405-14 : Buffer overflow in Subversion

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200405-14
(Buffer overflow in Subversion)

All releases of Subversion prior to 1.0.3 have a vulnerability in the
date-parsing code. This vulnerability may allow denial of service or
arbitrary code execution as the Subversion user. Both the client and
server are vulnerable, and write access is NOT required to the server's

Impact :

All servers and clients are vulnerable. Specifically, clients that
allow other users to write to administrative files in a working copy
may be exploited. Additionally all servers (whether they are httpd/DAV
or svnserve) are vulnerable. Write access to the server is not
required; public read-only Subversion servers are also exploitable.

Workaround :

There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.

See also :

Solution :

All Subversion users should upgrade to the latest stable version:
# emerge sync
# emerge -pv '>=dev-util/subversion-1.0.3'
# emerge '>=dev-util/subversion-1.0.3'

Risk factor :

High / CVSS Base Score : 7.5
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14500 (gentoo_GLSA-200405-14.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0397

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now