Test ID: | 1.3.6.1.4.1.25623.1.0.880681 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for mod_dav_svn CESA-2009:1203 centos5 i386 |
Summary: | The remote host is missing an update for the 'mod_dav_svn' package(s) announced via the referenced advisory. |
Description: |

Summary: The remote host is missing an update for the 'mod_dav_svn' package(s) announced via the referenced advisory.

Vulnerability Insight: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to check out or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411)

All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.

Affected Software/OS: mod_dav_svn on CentOS 5

Solution: Please install the updated packages.

CVSS Score: 8.5

CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2009-2411
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID: 35983
http://www.securityfocus.com/bid/35983
Bugtraq: 20090807 Subversion heap overflow
http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
Debian Security Information: DSA-1855
http://www.debian.org/security/2009/dsa-1855
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
http://svn.haxx.se/dev/archive-2009-08/0110.shtml
http://svn.haxx.se/dev/archive-2009-08/0108.shtml
http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://osvdb.org/56856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
http://www.redhat.com/support/errata/RHSA-2009-1203.html
http://www.securitytracker.com/id?1022697
http://secunia.com/advisories/36184
http://secunia.com/advisories/36224
http://secunia.com/advisories/36232
http://secunia.com/advisories/36257
http://secunia.com/advisories/36262
http://www.ubuntu.com/usn/usn-812-1
http://www.vupen.com/english/advisories/2009/2180
http://www.vupen.com/english/advisories/2009/3184 |
Copyright | Copyright (c) 2011 Greenbone Networks GmbH |