Apache Subversion < 1.8.15 / 1.9.x < 1.9.3 Buffer Overflow

Medium Nessus Network Monitor Plugin ID 9068

Synopsis

The remote host is running a version of Apache Subversion (SVN) that is affected by a buffer overflow vulnerability.

Description

The version of Apache Subversion installed on the remote host is 1.7.x, 1.8.x prior to 1.8.15, or 1.9.x prior to 1.9.3 and is affected by a buffer overflow vulnerability. Specifically, these versions contain an integer overflow condition in the 'request_body_to_string()' function in 'mod_dav_svn/util.c' that is triggered when handling skel-encoded request bodies. This may allow an authenticated, remote attacker to cause a heap-based buffer overflow, crashing the service or potentially allowing the execution of arbitrary code. (CVE-2015-5343)

Solution

Upgrade to Subversion 1.9.3 or later. If 1.9.x cannot be obtained, 1.8.15 has also been patched for this vulnerability.

See Also

http://subversion.apache.org/security

http://svn.apache.org/repos/asf/subversion/tags/1.8.15/CHANGES

http://svn.apache.org/repos/asf/subversion/tags/1.9.3/CHANGES

http://subversion.apache.org/security/CVE-2015-5343-advisory.txt

http://www.nessus.org/u?fcc4934f

Plugin Details

Severity: Medium

ID: 9068

Family: Web Servers

Published: 2016/02/05

Modified: 2016/03/18

Dependencies: 8971

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.6

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5

Temporal Score: 4.8

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:subversion

Patch Publication Date: 2015/12/15

Vulnerability Publication Date: 2015/12/15

Reference Information

CVE: CVE-2015-5343