FreeBSD : subversion -- several vulnerabilities (83a418cc-2182-11e4-802c-20cf30e32f6d)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Subversion Project reports :

Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch
API to handle matching wildcards in certificate Common Names and
Subject Alternate Names. However, apr_fnmatch is not designed for this
purpose. Instead it is designed to behave like common shell globbing.
In particular this means that '*' is not limited to a single label
within a hostname (i.e. it will match '.'). But even further
apr_fnmatch supports '?' and character classes (neither of which are
part of the RFCs defining how certificate validation works).

Subversion stores cached credentials by an MD5 hash based on the URL
and the authentication realm of the server the credentials are cached
for. MD5 has been shown to be subject to chosen plaintext hash
collisions. This means it may be possible to generate an
authentication realm which results in the same MD5 hash for a
different URL.

See also :

http://subversion.apache.org/security/CVE-2014-3522-advisory.txt
http://subversion.apache.org/security/CVE-2014-3528-advisory.txt
http://www.nessus.org/u?5374d53f

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 77125 ()

Bugtraq ID:

CVE ID: CVE-2014-3522
CVE-2014-3528

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now