Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64593
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2009:1203
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates announced in
advisory RHSA-2009:1203.

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.

Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion
(server and client) when parsing binary deltas. A malicious user with
commit access to a server could use these flaws to cause a heap overflow on
that server. A malicious server could use these flaws to cause a heap
overflow on a client when it attempts to checkout or update. These heap
overflows can result in a crash or, possibly, arbitrary code execution.
(CVE-2009-2411)

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct these issues. After installing the
updated packages, the Subversion server must be restarted for the update
to take effect: restart httpd if you are using mod_dav_svn, or restart
svnserve if it is used.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1203.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2411
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID: 35983
http://www.securityfocus.com/bid/35983
Bugtraq: 20090807 Subversion heap overflow (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
Debian Security Information: DSA-1855 (Google Search)
http://www.debian.org/security/2009/dsa-1855
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
http://svn.haxx.se/dev/archive-2009-08/0110.shtml
http://svn.haxx.se/dev/archive-2009-08/0108.shtml
http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://osvdb.org/56856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
http://www.redhat.com/support/errata/RHSA-2009-1203.html
http://www.securitytracker.com/id?1022697
http://secunia.com/advisories/36184
http://secunia.com/advisories/36224
http://secunia.com/advisories/36232
http://secunia.com/advisories/36257
http://secunia.com/advisories/36262
http://www.ubuntu.com/usn/usn-812-1
http://www.vupen.com/english/advisories/2009/2180
http://www.vupen.com/english/advisories/2009/3184
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.