Debian Local Security Checks : Debian Security Advisory DSA 2118-1 (subversion)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.68459

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 2118-1 (subversion)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing an update to subversion
announced via advisory DSA 2118-1.

Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn
module of subversion, a version control system, is not properly enforcing
access rules which are scope-limited to named repositories. If the
SVNPathAuthz option is set to short_circuit set this may enable an
unprivileged attacker to bypass intended access restrictions and disclose
or modify repository content.

As a workaround it is also possible to set SVNPathAuthz to on but be
advised that this can result in a performance decrease for large
repositories.

For the stable distribution (lenny), this problem has been fixed in
version 1.5.1dfsg1-5.

For the testing distribution (squeeze), this problem has been fixed in
version 1.6.12dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.12dfsg-2.

We recommend that you upgrade your samba packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%202118-1

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3315
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Debian Security Information: DSA-2118 (Google Search)
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://secunia.com/advisories/41652
http://secunia.com/advisories/43139
http://secunia.com/advisories/43346
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2011/0264

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.68459
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 2118-1 (subversion)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to subversion announced via advisory DSA 2118-1. Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to short_circuit set this may enable an unprivileged attacker to bypass intended access restrictions and disclose or modify repository content. As a workaround it is also possible to set SVNPathAuthz to on but be advised that this can result in a performance decrease for large repositories. For the stable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-5. For the testing distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-2. For the unstable distribution (sid), this problem has been fixed in version 1.6.12dfsg-2. We recommend that you upgrade your samba packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202118-1 CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3315 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html Debian Security Information: DSA-2118 (Google Search) http://www.debian.org/security/2010/dsa-2118 http://www.mandriva.com/security/advisories?name=MDVSA-2010:199 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007 http://www.redhat.com/support/errata/RHSA-2011-0258.html http://secunia.com/advisories/41652 http://secunia.com/advisories/43139 http://secunia.com/advisories/43346 SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://www.ubuntu.com/usn/USN-1053-1 http://www.vupen.com/english/advisories/2011/0264
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com