Mandriva Linux Security Advisory : subversion (MDVSA-2013:153)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in subversion :

Subversion's mod_dav_svn Apache HTTPD server module will use excessive
amounts of memory when a large number of properties are set or deleted
on a node. This can lead to a DoS. There are no known instances of
this problem being observed in the wild (CVE-2013-1845).

Subversion's mod_dav_svn Apache HTTPD server module will crash when a
LOCK request is made against activity URLs. This can lead to a DoS.
There are no known instances of this problem being observed in the
wild (CVE-2013-1846).

Subversion's mod_dav_svn Apache HTTPD server module will crash in some
circumstances when a LOCK request is made against a non-existent URL.
This can lead to a DoS. There are no known instances of this problem
being observed in the wild (CVE-2013-1847).

Subversion's mod_dav_svn Apache HTTPD server module will crash when a
PROPFIND request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild, but the details of how to exploit it have been disclosed on
the full disclosure mailing list (CVE-2013-1849).

Subversion's mod_dav_svn Apache HTTPD server module will crash when a
log REPORT request receives a limit that is out of the allowed range.
This can lead to a DoS. There are no known instances of this problem
being used as a DoS in the wild (CVE-2013-1884).

The updated packages have been upgraded to the 1.7.9 version which is
not affected by these issues.

See also :

http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
http://subversion.apache.org/security/CVE-2013-1884-advisory.txt

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66252 ()

Bugtraq ID: 58323
58895
58896
58897
58898

CVE ID: CVE-2013-1845
CVE-2013-1846
CVE-2013-1847
CVE-2013-1849
CVE-2013-1884

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now