
Test ID: 1.3.6.1.4.1.25623.1.0.68938
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1053-1 (subversion)
Summary: NOSUMMARY
Description:
The remote host is missing an update to subversion
announced via advisory USN-1053-1.

Details follow:

It was discovered that Subversion incorrectly handled certain 'partial
access' privileges in rare scenarios. Remote authenticated users could use
this flaw to obtain sensitive information (revision properties). This issue
only applied to Ubuntu 6.06 LTS. (CVE-2007-2448)

It was discovered that the Subversion mod_dav_svn module for Apache did not
properly handle a named repository as a rule scope. Remote authenticated
users could use this flaw to bypass intended restrictions. This issue only
applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315)

It was discovered that the Subversion mod_dav_svn module for Apache
incorrectly handled the walk function. Remote authenticated users could use
this flaw to cause the service to crash, leading to a denial of service.
(CVE-2010-4539)

It was discovered that Subversion incorrectly handled certain memory
operations. Remote authenticated users could use this flaw to consume large
quantities of memory and cause the service to crash, leading to a denial of
service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10.
(CVE-2010-4644)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libapache2-svn 1.3.1-3ubuntu1.3
libsvn0 1.3.1-3ubuntu1.3

Ubuntu 8.04 LTS:
libapache2-svn 1.4.6dfsg1-2ubuntu1.2
libsvn1 1.4.6dfsg1-2ubuntu1.2

Ubuntu 9.10:
libapache2-svn 1.6.5dfsg-1ubuntu1.1
libsvn1 1.6.5dfsg-1ubuntu1.1

Ubuntu 10.04 LTS:
libapache2-svn 1.6.6dfsg-2ubuntu1.1
libsvn1 1.6.6dfsg-2ubuntu1.1

Ubuntu 10.10:
libapache2-svn 1.6.12dfsg-1ubuntu1.1
libsvn1 1.6.12dfsg-1ubuntu1.1

After a standard system update you need to restart any applications that
use Subversion, such as Apache when using mod_dav_svn, to make all the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1053-1

Risk factor : High

CVSS Score: 6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2448
BugTraq ID: 24463
http://www.securityfocus.com/bid/24463
http://osvdb.org/36070
http://securitytracker.com/id?1018237
http://secunia.com/advisories/43139
http://www.ubuntu.com/usn/USN-1053-1
http://www.vupen.com/english/advisories/2007/2230
http://www.vupen.com/english/advisories/2011/0264
Common Vulnerability Exposure (CVE) ID: CVE-2010-3315
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Debian Security Information: DSA-2118 (Google Search)
http://www.debian.org/security/2010/dsa-2118
http://www.mandriva.com/security/advisories?name=MDVSA-2010:199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19007
http://www.redhat.com/support/errata/RHSA-2011-0258.html
http://secunia.com/advisories/41652
http://secunia.com/advisories/43346
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4539
BugTraq ID: 45655
http://www.securityfocus.com/bid/45655
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:006
http://openwall.com/lists/oss-security/2011/01/02/1
http://openwall.com/lists/oss-security/2011/01/03/9
http://openwall.com/lists/oss-security/2011/01/04/10
http://openwall.com/lists/oss-security/2011/01/04/8
http://openwall.com/lists/oss-security/2011/01/05/4
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A@ncsa.illinois.edu%3E
http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt@mail.gmail.com%3E
http://www.redhat.com/support/errata/RHSA-2011-0257.html
http://www.securitytracker.com/id?1024934
http://secunia.com/advisories/42780
http://secunia.com/advisories/42969
http://secunia.com/advisories/43115
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.vupen.com/english/advisories/2011/0015
http://www.vupen.com/english/advisories/2011/0103
http://www.vupen.com/english/advisories/2011/0162
XForce ISS Database: subversion-walk-dos(64472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64472
Common Vulnerability Exposure (CVE) ID: CVE-2010-4644
http://svn.haxx.se/dev/archive-2010-11/0102.shtml
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203@thepond.com%3E
http://www.securitytracker.com/id?1024935
XForce ISS Database: subversion-blameg-dos(64473)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64473
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
