Búsqueda de    
Vulnerabilidad   
    Buscar 172616 Descripciones CVE y
81291 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.68938
Categoría:Ubuntu Local Security Checks
Título:Ubuntu USN-1053-1 (subversion)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to subversion
announced via advisory USN-1053-1.

Details follow:

It was discovered that Subversion incorrectly handled certain 'partial
access' privileges in rare scenarios. Remote authenticated users could use
this flaw to obtain sensitive information (revision properties). This issue
only applied to Ubuntu 6.06 LTS. (CVE-2007-2448)

It was discovered that the Subversion mod_dav_svn module for Apache did not
properly handle a named repository as a rule scope. Remote authenticated
users could use this flaw to bypass intended restrictions. This issue only
applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315)

It was discovered that the Subversion mod_dav_svn module for Apache
incorrectly handled the walk function. Remote authenticated users could use
this flaw to cause the service to crash, leading to a denial of service.
(CVE-2010-4539)

It was discovered that Subversion incorrectly handled certain memory
operations. Remote authenticated users could use this flaw to consume large
quantities of memory and cause the service to crash, leading to a denial of
service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10.
(CVE-2010-4644)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libapache2-svn 1.3.1-3ubuntu1.3
libsvn0 1.3.1-3ubuntu1.3

Ubuntu 8.04 LTS:
libapache2-svn 1.4.6dfsg1-2ubuntu1.2
libsvn1 1.4.6dfsg1-2ubuntu1.2

Ubuntu 9.10:
libapache2-svn 1.6.5dfsg-1ubuntu1.1
libsvn1 1.6.5dfsg-1ubuntu1.1

Ubuntu 10.04 LTS:
libapache2-svn 1.6.6dfsg-2ubuntu1.1
libsvn1 1.6.6dfsg-2ubuntu1.1

Ubuntu 10.10:
libapache2-svn 1.6.12dfsg-1ubuntu1.1
libsvn1 1.6.12dfsg-1ubuntu1.1

After a standard system update you need to restart any applications that
use Subversion, such as Apache when using mod_dav_svn, to make all the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1053-1

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-2448
BugTraq ID: 24463
http://www.securityfocus.com/bid/24463
http://osvdb.org/36070
http://securitytracker.com/id?1018237
http://secunia.com/advisories/43139
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2007/2230
http://www.vupen.com/english/advisories/2011/0264
Common Vulnerability Exposure (CVE) ID: CVE-2010-3315
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Debian Security Information: DSA-2118 (Google Search)
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://secunia.com/advisories/41652
http://secunia.com/advisories/43346
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4539
BugTraq ID: 45655
http://www.securityfocus.com/bid/45655
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:006
http://openwall.com/lists/oss-security/2011/01/02/1
http://openwall.com/lists/oss-security/2011/01/03/9
http://openwall.com/lists/oss-security/2011/01/04/10
http://openwall.com/lists/oss-security/2011/01/04/8
http://openwall.com/lists/oss-security/2011/01/05/4
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A@ncsa.illinois.edu%3E
http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt@mail.gmail.com%3E
http://www.redhat.com/support/errata/RHSA-2011-0257.html
http://www.securitytracker.com/id?1024934
http://secunia.com/advisories/42780
http://secunia.com/advisories/42969
http://secunia.com/advisories/43115
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.vupen.com/english/advisories/2011/0015
http://www.vupen.com/english/advisories/2011/0103
http://www.vupen.com/english/advisories/2011/0162
XForce ISS Database: subversion-walk-dos(64472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64472
Common Vulnerability Exposure (CVE) ID: CVE-2010-4644
http://svn.haxx.se/dev/archive-2010-11/0102.shtml
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203@thepond.com%3E
http://www.securitytracker.com/id?1024935
XForce ISS Database: subversion-blameg-dos(64473)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64473
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 81291 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.