This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Subversion Project reports :
svnserve takes a --pid-file option which creates a file containing the
process id it is running as. It does not take steps to ensure that the
file it has been directed at is not a symlink. If the pid file is in a
directory writeable by unprivileged users, the destination could be
replaced by a symlink allowing for privilege escalation. svnserve does
not create a pid file by default.
All versions are only vulnerable when the --pid-file=ARG option is
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 3.3