FreeBSD : devel/subversion -- contrib hook-scripts can allow arbitrary code execution (6d0bf320-ca39-11e2-9673-001e8c75030d)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Subversion team reports :

The script contrib/hook-scripts/ does not escape
argv arguments to 'svnlook' that start with a hyphen. This could be
used to cause 'svnlook', and hence the hook script, to error out.

The script contrib/hook-scripts/ parses filenames
from the output of 'svnlook changed' and passes them to a further
shell command (equivalent to the 'system()' call of the C standard
library) without escaping them. This could be used to run arbitrary
shell commands in the context of the user whom the pre-commit script
runs as (the user who owns the repository).
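Added example (not the contrib hook script from the advisory): the two patterns the report describes, side by side. A filename taken from 'svnlook changed' output is first interpolated into a shell command line, as a system()-style call does, and then passed as a separate argv element; a second helper builds the svnlook argument vector while refusing hook arguments that begin with a hyphen. 'svnlook' itself is never run: a harmless printf stands in for the 'svnlook cat ... | grep' pipeline so the comparison runs offline. The sample 'svnlook changed' output and the function names are constructed for this illustration.

```python
"""Argument and command injection in a pre-commit hook that wraps svnlook.

Added illustration of the two advisory findings; this is not the contrib
hook script itself. svnlook is never executed: a harmless printf stands in
for the 'svnlook cat ... | grep' pipeline so both patterns run offline.
"""
import subprocess

# Constructed sample of `svnlook changed` output (not captured from a real
# repository): a status column, whitespace, then the changed path.
SAMPLE_CHANGED = (
    "A   trunk/README\n"
    "U   trunk/src/main.c\n"
    "A   trunk/docs/x;echo INJECTED;.txt\n"  # attacker-chosen filename
)


def parse_changed(output):
    """Return (status, path) pairs from `svnlook changed` output."""
    entries = []
    for line in output.splitlines():
        if not line.strip():
            continue
        status, path = line.split(None, 1)
        entries.append((status, path))
    return entries


def run_unsafe(path):
    """Vulnerable pattern: the path is interpolated into a shell command line,
    the way Perl's system("...$path...") or backticks would do it. Any shell
    metacharacter in the filename becomes part of the command."""
    cmd = "printf '%s\\n' " + path
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return proc.stdout


def run_safe(path):
    """Hardened pattern: the path travels as a separate argv element and the
    shell only ever sees "$1", so no escaping is needed. (With svnlook itself
    the equivalent is subprocess.run(["svnlook", "cat", ...]) with no shell.)"""
    proc = subprocess.run(["sh", "-c", 'printf "%s\\n" "$1"', "hook", path],
                          capture_output=True, text=True)
    return proc.stdout


def is_safe_hook_arg(value):
    """Reject hook argv values that svnlook would parse as options."""
    return bool(value) and not value.startswith("-")


def svnlook_argv(repos, txn, path):
    """Build the argv list for `svnlook cat -t TXN REPOS PATH`, refusing any
    value that starts with a hyphen instead of letting svnlook misparse it.
    (A repository path beginning with '-' is rejected too; that is the
    conservative choice for a hook.)"""
    for name, value in (("repos", repos), ("txn", txn), ("path", path)):
        if not is_safe_hook_arg(value):
            raise ValueError(f"refusing {name}={value!r}: looks like an option")
    return ["svnlook", "cat", "-t", txn, repos, path]


if __name__ == "__main__":
    for status, path in parse_changed(SAMPLE_CHANGED):
        print(f"{status:3} {path}")
        print("  unsafe ->", run_unsafe(path).rstrip().replace("\n", " | "))
        print("  safe   ->", run_safe(path).rstrip())
```

Run stand-alone, the third sample path makes the unsafe variant print INJECTED as a second command while the safe variant prints the filename verbatim; the only difference between the two is whether the shell sees the filename as part of the command text or as a parameter.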

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66736

CVE ID: CVE-2013-2088