Apache Subversion < 1.6.4 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflows

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple heap
overflow issues.

Description :

The installed version of Subversion Client or Server is affected by
multiple heap overflow issues.

Specifically, the 'libsvn_delta' library fails to perform sufficient
boundary checks before processing certain svndiff streams. An attacker
with commit access to a vulnerable Subversion server can exploit this
vulnerability from a Subversion client to trigger a heap overflow on
the server. Typically such an attack would result in a denial of
service condition or arbitrary code execution on the remote server.

An attacker can also trigger this issue from a rogue Subversion server
on a Subversion client in response to a checkout or update request.

See also :

http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://svn.haxx.se/dev/archive-2009-08/0108.shtml
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

Solution :

Upgrade to Subversion Client/Server 1.6.4 or later.

If using Subversion Client/Server 1.5.x, make sure you are using
version CollabNet binaries 1.5.7 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 40620 ()

Bugtraq ID: 35983

CVE ID: CVE-2009-2411

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now