Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.880681 |
Categoría: | CentOS Local Security Checks |
Título: | CentOS Update for mod_dav_svn CESA-2009:1203 centos5 i386 |
Resumen: | The remote host is missing an update for the 'mod_dav_svn'; package(s) announced via the referenced advisory. |
Descripción: | Summary: The remote host is missing an update for the 'mod_dav_svn' package(s) announced via the referenced advisory. Vulnerability Insight: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used. Affected Software/OS: mod_dav_svn on CentOS 5 Solution: Please install the updated packages. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2411 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 35983 http://www.securityfocus.com/bid/35983 Bugtraq: 20090807 Subversion heap overflow (Google Search) http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html Debian Security Information: DSA-1855 (Google Search) http://www.debian.org/security/2009/dsa-1855 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:199 http://svn.haxx.se/dev/archive-2009-08/0110.shtml http://svn.haxx.se/dev/archive-2009-08/0108.shtml http://svn.haxx.se/dev/archive-2009-08/0107.shtml http://osvdb.org/56856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465 http://www.redhat.com/support/errata/RHSA-2009-1203.html http://www.securitytracker.com/id?1022697 http://secunia.com/advisories/36184 http://secunia.com/advisories/36224 http://secunia.com/advisories/36232 http://secunia.com/advisories/36257 http://secunia.com/advisories/36262 http://www.ubuntu.com/usn/usn-812-1 http://www.vupen.com/english/advisories/2009/2180 http://www.vupen.com/english/advisories/2009/3184 |
Copyright | Copyright (c) 2011 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |