summaryrefslogtreecommitdiff
blob: 77f806fb3b3d1be286b5cc50c1fa29811635ba7e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-14">
  <title>Buffer overflow in Subversion</title>
  <synopsis>
    There is a vulnerability in the Subversion date parsing code which may lead
    to denial of service attacks, or execution of arbitrary code. Both the
    client and server are vulnerable.
  </synopsis>
  <product type="ebuild">subversion</product>
  <announced>2004-05-20</announced>
  <revised count="02">2006-05-22</revised>
  <bug>51462</bug>
  <access>remote</access>
  <affected>
    <package name="dev-util/subversion" auto="yes" arch="*">
      <unaffected range="ge">1.0.3</unaffected>
      <vulnerable range="le">1.0.2</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    Subversion is a version control system intended to eventually replace
    CVS. Like CVS, it has an optional client-server architecture (where the
    server can be an Apache server running mod_svn, or an ssh program as in
    CVS's :ext: method). In addition to supporting the features found in
    CVS, Subversion also provides support for moving and copying files and
    directories.
    </p>
  </background>
  <description>
    <p>
    All releases of Subversion prior to 1.0.3 have a vulnerability in the
    date-parsing code. This vulnerability may allow denial of service or
    arbitrary code execution as the Subversion user. Both the client and
    server are vulnerable, and write access is NOT required to the server's
    repository.
    </p>
  </description>
  <impact type="normal">
    <p>
    All servers and clients are vulnerable. Specifically, clients that
    allow other users to write to administrative files in a working copy
    may be exploited. Additionally all servers (whether they are httpd/DAV
    or svnserve) are vulnerable. Write access to the server is not
    required; public read-only Subversion servers are also exploitable.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time. All users are encouraged to
    upgrade to the latest available version.
    </p>
  </workaround>
  <resolution>
    <p>
    All Subversion users should upgrade to the latest stable version:
    </p>
    <code>
    # emerge sync
    
    # emerge -pv "&gt;=dev-util/subversion-1.0.3"
    # emerge "&gt;=dev-util/subversion-1.0.3"</code>
  </resolution>
  <references>
    <uri link="http://subversion.tigris.org/servlets/ReadMsg?list=announce&amp;msgNo=125">Subversion Announcement</uri>
    <uri link="http://security.e-matters.de/advisories/082004.html">E-Matters Advisory</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397">CVE-2004-0397</uri>
  </references>
  <metadata tag="submitter">
    condordes
  </metadata>
</glsa>