Apache Subversion 1.8.x < 1.8.16 / 1.9.x < 1.9.4 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9395

Synopsis

The remote host is running a version of Apache Subversion (SVN) that is affected by a multiple vulnerabilities.

Description

The version of Apache Subversion installed on the remote host is version 1.8.x prior to 1.8.16 or 1.9.x prior to 1.9.4. It is, therefore, affected by the following vulnerabilities :

- A flaw exists within 'svnserve/sasl' that is triggered when handling a realm string which is a prefix of the expected realm string, which can cause an authenticated remote attacker to incorrectly authenticate into the wrong realm. This may allow the attacker to gain access to areas they would otherwise be restricted from. (CVE-2016-2167)
- A flaw exists within 'mod_authz_svn' that is triggered as authorization checks are not properly performed on 'COPY' and 'MOVE' actions. This may allow a remote attacker to use a specially crafted header to crash the server. (CVE-2016-2168)
- A 'NULL pointer' dereference flaw exists within the 'mod_authz_svn' module that is triggered when handling invalid headers for COPY and MOVE requests. This may allow a remote attacker to cause a Subversion server to crash. (CVE-2016-2168)

Solution

Upgrade to Apache Subversion 1.9.4 or later. If 1.9.4 cannot be obtained, 1.8.16 is also patched for these vulnerabilities.

See Also

http://svn.apache.org/repos/asf/subversion/tags/1.9.4/CHANGES

http://subversion.apache.org/security/CVE-2016-2167-advisory.txt

http://subversion.apache.org/security/CVE-2016-2168-advisory.txt

Plugin Details

Severity: Medium

ID: 9395

File Name: 9395.prm

Family: Web Servers

Published: 2016/02/05

Modified: 2016/07/15

Dependencies: 8971

Nessus ID: 90805

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 4.1

Temporal Score: 3.9

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:subversion

Patch Publication Date: 2016/04/15

Vulnerability Publication Date: 2016/04/15

Reference Information

CVE: CVE-2016-2167, CVE-2016-2168