FreeBSD : subversion -- multiple vulnerabilities (c8174b63-0d3a-11e6-b06e-d43d7eed0ce2)
Medium Nessus Plugin ID 90780
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Subversion project reports:
svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption.
Due to a programming oversight, authentication against Cyrus SASL would permit the remote user to specify a realm string which is a prefix of the expected realm string.
Subversion's httpd servers are vulnerable to a remotely triggerable crash in the mod_authz_svn module. The crash can occur during an authorization check for a COPY or MOVE request with a specially crafted header value.
This allows remote attackers to cause a denial of service.
Solution
Update the affected packages.
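The realm issue in the description (a realm that is only a prefix of the expected realm being accepted) is the kind of result a length-limited comparison produces when the length comes from the client. The following is an added illustration, not Subversion's code: the function names, the `user@realm` identity format and the realm `EXAMPLE.ORG` are assumptions made for the example, showing a prefix-accepting check beside an exact-match check.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: locate the realm in a length-delimited "user@realm"
   identity. Returns false when there is no '@' or the user part is empty. */
static bool split_realm(const char *id, size_t id_len,
                        const char **realm, size_t *realm_len)
{
    const char *at = memchr(id, '@', id_len);
    if (at == NULL || at == id)
        return false;
    *realm = at + 1;
    *realm_len = id_len - (size_t)(at + 1 - id);
    return true;
}

/* Flawed: the comparison length is the client-supplied realm length, so a
   shorter realm (even an empty one) compares equal to the expected realm. */
bool realm_ok_prefix(const char *id, size_t id_len, const char *expected)
{
    const char *realm; size_t realm_len;
    if (!split_realm(id, id_len, &realm, &realm_len))
        return false;
    return strncmp(realm, expected, realm_len) == 0;
}

/* Hardened: lengths must be equal before any bytes are compared. */
bool realm_ok_exact(const char *id, size_t id_len, const char *expected)
{
    const char *realm; size_t realm_len;
    if (!split_realm(id, id_len, &realm, &realm_len))
        return false;
    return realm_len == strlen(expected) &&
           memcmp(realm, expected, realm_len) == 0;
}

int main(void)
{
    const char *expected = "EXAMPLE.ORG";  /* constructed sample realm */
    const char *ids[] = { "alice@EXAMPLE.ORG", "alice@EXAMPLE", "alice@",
                          "alice@EXAMPLE.ORGX", "alice" };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("%-20s prefix=%d exact=%d\n", ids[i],
               realm_ok_prefix(ids[i], strlen(ids[i]), expected),
               realm_ok_exact(ids[i], strlen(ids[i]), expected));
    return 0;
}
```

The same pattern is worth looking for when reviewing any authentication code that compares realms, domains or tenant names with `strncmp` or a "starts with" helper.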