Subversion < 1.0.5 svnserver svn:// Protocol Handler Remote Overflow

Critical Nessus Plugin ID 12284


The remote host has an application that is affected by a heap overflow vulnerability.


A remote overflow exists in Subversion. svnserve fails to validate svn:// requests, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.


Upgrade to version 1.0.5 or newer.

Plugin Details

Severity: Critical

ID: 12284

File Name: subversion_1_0_5.nasl

Version: $Revision: 1.12 $

Type: remote

Family: Misc.

Published: 2004/06/22

Modified: 2011/11/28

Dependencies: 12259

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/06/12

Reference Information

CVE: CVE-2004-0413

BID: 10519

OSVDB: 6935

GLSA: GLSA 200406-07

SuSE: SUSE-SA:2004:018