FreeBSD : devel/subversion -- contrib hook-scripts can allow arbitrary code execution (6d0bf320-ca39-11e2-9673-001e8c75030d)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Subversion team reports :

The script contrib/hook-scripts/check-mime-type.pl does not escape
argv arguments to 'svnlook' that start with a hyphen. This could be
used to cause 'svnlook', and hence check-mime-type.pl, to error out.

The script contrib/hook-scripts/svn-keyword-check.pl parses filenames
from the output of 'svnlook changed' and passes them to a further
shell command (equivalent to the 'system()' call of the C standard
library) without escaping them. This could be used to run arbitrary
shell commands in the context of the user whom the pre-commit script
runs as (the user who owns the repository).
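An added illustration, not part of the advisory or of Subversion's contrib scripts: the interpolation pattern described above for both scripts, beside a hardened form that avoids the shell and ends option parsing. The use of '--' assumes svnlook's getopt-style option parser honours it; the repository path, transaction and changed-list lines are constructed.

```perl
#!/usr/bin/perl
# Added illustration, not the Subversion contrib scripts: the shell-interpolation
# pattern the advisory describes, beside a hardened equivalent for a pre-commit hook.
use strict;
use warnings;

my ($repos, $txn) = ('/var/svn/repo', '42-1');   # constructed hook arguments

# Constructed sample of 'svnlook changed' output. Committers choose path names, so a
# path may carry shell metacharacters or start with '-'.
my @changed = (
    "A   trunk/README\n",
    "U   trunk/notes; id #.txt\n",
    "U   trunk/-rfile.txt\n",
);

# Vulnerable: one interpolated string is handed to /bin/sh, so ';' inside the path
# ends the svnlook command and runs whatever follows as the repository owner.
sub unsafe_command {
    my ($path) = @_;
    return "svnlook proplist -t $txn $repos $path";
}

# Hardened: list-form system() passes argv directly with no shell involved, and '--'
# (assumed to be honoured by svnlook's getopt-style parser) keeps a path that begins
# with '-' from being read as an option. A single-element list would still go through
# the shell, so the command and each argument stay separate elements.
sub safe_argv {
    my ($path) = @_;
    return ('svnlook', 'proplist', '-t', $txn, '--', $repos, $path);
}

for my $line (@changed) {
    chomp $line;
    # First column is the change flag; the rest of the line is the path.
    next unless $line =~ /^(\S+)\s+(.+)$/;
    my ($flag, $path) = ($1, $2);
    next if $flag eq 'D';            # a deleted path has nothing left to inspect
    print "unsafe: ", unsafe_command($path), "\n";
    print "safe:   ", join(' | ', safe_argv($path)), "\n";
    # In a real hook: system(safe_argv($path)) == 0 or die "svnlook failed: $?";
}
```

The printed 'safe' line shows each argv element separated by '|', so the metacharacters and the leading hyphen stay inside a single argument instead of being interpreted.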

See also :

http://www.nessus.org/u?5d6fd6fa

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66736

Bugtraq ID:

CVE ID: CVE-2013-2088
