Apache Subversion 1.4.x - 1.7.12 / 1.8.x < 1.8.3 Multiple Symlink File Overwrite Vulnerabilities
Low Nessus Plugin ID 71568
Synopsis
The remote host has an application that is affected by multiple symlink overwrite vulnerabilities.
Description
The version of Subversion Server installed on the remote host is prior to version 1.8.3. It is, therefore, affected by multiple symlink file overwrite vulnerabilities:
- An error exists in the function 'handle_options' in the file 'svnwcsub.py' that could allow a local attacker to use a symlink attack to overwrite arbitrary files. Note that this issue only affects the 1.8.x branch.
- An error exists in the function 'write_pid_file' that could allow a local attacker to use a symlink attack to overwrite arbitrary files. (CVE-2013-4277)
Solution
Upgrade to Subversion Server 1.7.13 / 1.8.3 or later, or apply the vendor patches or workarounds.
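The class of bug described above, a PID file written through a path that a local user may have pre-planted as a symlink, is shown here as an added example beside a hardened form; it is not Subversion's code or its vendor patch. All function names are hypothetical and the scenario is constructed inside a private temporary directory.

```python
import os
import tempfile

def write_pid_file_unsafe(path):
    # Weak pattern: open(..., "w") follows a symlink at `path` and truncates
    # whatever file it points to.
    with open(path, "w") as f:
        f.write("%d\n" % os.getpid())

def write_pid_file_safe(path):
    # O_CREAT|O_EXCL fails with EEXIST if anything, including a dangling
    # symlink, already exists at `path`; O_NOFOLLOW is added where available.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write("%d\n" % os.getpid())

def replace_pid_file(path):
    # Stale-file handling: unlink() removes the link itself, never its target,
    # and the exclusive create still refuses anything re-planted afterwards.
    if os.path.lexists(path):
        os.unlink(path)
    write_pid_file_safe(path)

def demo():
    # Constructed scenario: "pidfile" is a pre-planted symlink to "victim".
    # Returns {writer name: (write refused, victim intact, pidfile is symlink)}.
    results = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        pidfile = os.path.join(d, "pidfile")
        for writer in (write_pid_file_unsafe, write_pid_file_safe, replace_pid_file):
            with open(victim, "w") as f:
                f.write("important data\n")
            if os.path.lexists(pidfile):
                os.unlink(pidfile)
            os.symlink(victim, pidfile)
            try:
                writer(pidfile)
                refused = False
            except FileExistsError:
                refused = True
            with open(victim) as f:
                intact = f.read() == "important data\n"
            results[writer.__name__] = (refused, intact, os.path.islink(pidfile))
    return results
```

Placing PID files in a directory writable only by the daemon's own account removes the precondition for the symlink in the first place.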