The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

A vulnerability has been found and corrected in subversion :

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root (CVE-2013-4131).

This advisory provides the latest version of subversion (1.7.11) which is not vulnerable to this issue.

Subversion Project reports :

Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT (or equivalent) or undefined behavior.

Commit access is required to exploit this.

This update includes the latest release of Apache Subversion 1.7, version 1.7.11. Several security vulnerabilities are fixed in this update :

Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a segmentation fault or undefined behavior. Commit access is required to exploit this. (CVE-2013-4131)

If a filename which contains a newline character (ASCII 0x0a) is committed to a repository using the FSFS format, the resulting revision is corrupt. This can lead to disruption for users of the repository. (CVE-2013-1968)

Subversion's contrib/ directory contains two example hook scripts, which use 'svnlook changed' to examine a revision or transaction and then pass those paths as arguments to further 'svnlook' commands, without properly escaping the command-line. (CVE-2013-2088)

Subversion's svnserve server process may exit when an incoming TCP connection is closed early in the connection process. This can lead to disruption for users of the server. (CVE-2013-2112)

The following client-side bugs were fixed in the 1.7.10 release :

  - fix 'svn revert' 'no such table: revert_list' spurious     error

    - fix 'svn diff' doesn't show some locally added files

    - fix changelist filtering when --changelist values       aren't UTF8

    - fix 'svn diff --git' shows wrong copyfrom

    - fix 'svn diff -x-w' shows wrong changes

    - fix 'svn blame' sometimes shows every line as modified

    - fix regression in 'svn status -u' output for externals

    - fix file permissions change on commit of file with       keywords

    - improve some fatal error messages

    - fix externals not removed when working copy is made       shallow

The following server-side bugs are fixed :

  - fix repository corruption due to newline in filename

    - fix svnserve exiting when a client connection is       aborted

    - fix svnserve memory use after clear

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The installed version of Subversion Server is affected by the following vulnerabilities :

  - An input validation error exists in two files in the     'contrib/' directory that could allow arbitrary code     execution. Note that this issue does not affect version     1.8.0. (CVE-2013-2088)

  - An error exists related to the 'mod_dav_svn' Apache     module that could allow denial of service attacks. Note     that this issue does not affect the 1.6.x branch.
    (CVE-2013-4131)

This update includes the latest release of Apache Subversion 1.7, version 1.7.11. This fixes a security vulnerability in mod_dav_svn :

Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a segmentation fault or undefined behavior. Commit access is required to exploit this. (CVE-2013-4131)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Subversion was updated to 1.7.11 [bnc#830031] to fix bugs and security issues.

  - translation updates for Simplified Chinese

  - mod_dav_svn: fix incorrect path canonicalization     (CVE-2013-4131)

  - javahl bindings: fix bug in error constructing code

The remote host is affected by the vulnerability described in GLSA-201309-11 (Subversion: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Subversion. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could cause a Denial of Service condition or obtain       sensitive information. A local attacker could escalate his privileges to       the user running svnserve.
  Workaround :

    There is no known workaround at this time.

Versions of Apache Subversion prior to 1.6.21, or 1.7.x prior to 1.7.9 are affected by a flaw in the 'mod_dav_svn' module that may allow a remote denial of service. The issue is triggered when the program does not properly handle the MOVE, COPY, or DELETE HTTP requests. With a specially crafted SVN commit request, a remote attacker can cause the program to crash.

Versions of Apache Subversion 1.7.x prior to 1.7.11, or 1.8.x prior to 1.8.1 are affected by a denial of service vulnerability, specifically within the 'mod_dav_svn' module, which improperly handles certain HTTP requests in a way that can be leveraged by an attacker to execute a denial of service against the system.

The remote host is running a version of Apache Subversion that is vulnerable to a denial of service vulnerability, specifically within the 'mod_dav_svn' module, which improperly handles certain HTTP requests in a way that can be leveraged by an attacker to execute a denial of service against the system.

ID	Name	Product	Family	Published	Updated	Severity
70225	Amazon Linux AMI : subversion (ALAS-2013-221)	Nessus	Amazon Linux Local Security Checks	10/1/2013	4/18/2018	medium
69232	Mandriva Linux Security Advisory : subversion (MDVSA-2013:209)	Nessus	Mandriva Local Security Checks	8/7/2013	1/6/2021	medium
69052	FreeBSD : subversion -- remotely triggerable 'Assertion failed' DoS vulnerability or read overflow. (2ae24334-f2e6-11e2-8346-001e8c75030d)	Nessus	FreeBSD Local Security Checks	7/25/2013	1/6/2021	medium
69355	Fedora 18 : subversion-1.7.11-1.fc18.1 (2013-13672)	Nessus	Fedora Local Security Checks	8/15/2013	1/11/2021	high
71566	Apache Subversion 1.6.x / 1.7.x / 1.8.x < 1.6.23 / 1.7.11 / 1.8.1 Multiple Vulnerabilities	Nessus	Windows	12/20/2013	7/30/2018	high
69188	Fedora 19 : subversion-1.7.11-1.fc19 (2013-13696)	Nessus	Fedora Local Security Checks	8/2/2013	1/11/2021	medium
75100	openSUSE Security Update : subversion (openSUSE-SU-2013:1286-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	medium
70084	GLSA-201309-11 : Subversion: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	9/24/2013	1/6/2021	high
8121	Apache Subversion < 1.6.21 / 1.7.x < 1.7.9 DoS	Nessus Network Monitor	Web Servers	2/17/2013	3/6/2019	medium
6963	Apache Subversion 1.7.x < 1.7.11 / 1.8.x < 1.8.1 DoS	Nessus Network Monitor	Web Servers	8/2/2013	3/6/2019	medium
801443	Apache Subversion < 1.8.1 / 1.7.11 Remote Denial of Service Vulnerability	Log Correlation Engine	Web Servers	8/2/2013		low

Detections

Analytics

Plugins Search

medium

medium

medium

high

high

medium

medium

high

medium

medium

low