GLSA-200409-35 : Subversion: Metadata information leak

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200409-35
(Subversion: Metadata information leak)

There is a bug in mod_authz_svn that causes it to reveal logged metadata
regarding commits to protected areas.

Impact :

Protected files themselves will not be revealed, but an attacker could use
the leaked metadata (paths, file versions, and the commit logs from
protected areas) to learn that those areas exist.

Workaround :

Rather than using mod_authz_svn, move protected areas into separate
repositories and use native Apache authentication to make these
repositories unreadable.
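
The workaround above, sketched as an Apache configuration. This is an added example, not part of the advisory or of Tenable's plugin; the URL prefixes, repository paths, realm names and password file location are assumptions.

```apache
# Constructed example: every path, URL prefix and file name below is an
# assumption chosen for illustration.

# Before (commented out): one repository, with per-path read rules
# delegated to mod_authz_svn. This is the layout in which the bug
# described above can expose commit metadata from protected paths.
#
# <Location /svn/project>
#     DAV svn
#     SVNPath /var/svn/project
#     AuthzSVNAccessFile /etc/apache2/svn-access.conf
#     AuthType Basic
#     AuthName "Project repository"
#     AuthUserFile /etc/apache2/svn-passwd
#     Require valid-user
# </Location>

# After: the protected material lives in its own repository, and no
# AuthzSVNAccessFile directive is used anywhere.

# Public repository: holds no protected paths, so its history contains
# nothing about them.
<Location /svn/project-public>
    DAV svn
    SVNPath /var/svn/project-public
</Location>

# Private repository: native Apache authentication gates the whole
# Location, so unauthenticated clients are refused before any
# Subversion request (including log requests) is served.
<Location /svn/project-private>
    DAV svn
    SVNPath /var/svn/project-private
    AuthType Basic
    AuthName "Private repository"
    AuthUserFile /etc/apache2/svn-passwd
    Require valid-user
</Location>
```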

Solution :

All Subversion users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=dev-util/subversion-1.0.8'
# emerge '>=dev-util/subversion-1.0.8'

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 15406 (gentoo_GLSA-200409-35.nasl)

CVE ID: CVE-2004-0749
