Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities
Date: Mon, 09 Mar 2009 16:24:00
Message-Id: 200903091502.07350.rbu@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200903-20
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: WebSVN: Multiple vulnerabilities
9 Date: March 09, 2009
10 Bugs: #243852
11 ID: 200903-20
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities in WebSVN allow for file overwrite and
19 information disclosure.
20
21 Background
22 ==========
23
24 WebSVN is a web-based browsing tool for Subversion repositories written
25 in PHP.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-apps/websvn < 2.1.0 >= 2.1.0
34
35 Description
36 ===========
37
38 * James Bercegay of GulfTech Security reported a Cross-site scripting
39 (XSS) vulnerability in the getParameterisedSelfUrl() function in
40 index.php (CVE-2008-5918) and a directory traversal vulnerability in
41 rss.php when magic_quotes_gpc is disabled (CVE-2008-5919).
42
43 * Bas van Schaik reported that listing.php does not properly enforce
44 access restrictions when using an SVN authz file to authenticate
45 users (CVE-2009-0240).
46
47 Impact
48 ======
49
50 A remote attacker can exploit these vulnerabilities to overwrite
51 arbitrary files, to read changelogs or diffs for restricted projects
52 and to hijack a user's session.
53
54 Workaround
55 ==========
56
57 There is no known workaround at this time.
58
59 Resolution
60 ==========
61
62 All WebSVN users should upgrade to the latest version:
63
64 # emerge --sync
65 # emerge --ask --oneshot --verbose ">=www-apps/websvn-2.1.0"
66
67 References
68 ==========
69
70 [ 1 ] CVE-2008-5918
71 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5918
72 [ 2 ] CVE-2008-5919
73 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5919
74 [ 3 ] CVE-2009-0240
75 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0240
76
77 Availability
78 ============
79
80 This GLSA and any updates to it are available for viewing at
81 the Gentoo Security Website:
82
83 http://security.gentoo.org/glsa/glsa-200903-20.xml
84
85 Concerns?
86 =========
87
88 Security is a primary focus of Gentoo Linux and ensuring the
89 confidentiality and security of our users machines is of utmost
90 importance to us. Any security concerns should be addressed to
91 security@g.o or alternatively, you may file a bug at
92 http://bugs.gentoo.org.
93
94 License
95 =======
96
97 Copyright 2009 Gentoo Foundation, Inc; referenced text
98 belongs to its owner(s).
99
100 The contents of this document are licensed under the
101 Creative Commons - Attribution / Share Alike license.
102
103 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature