[gentoo-announce] [ GLSA 200405-14 ] Buffer overflow in Subversion - gentoo-announce

From:	"Joshua J. Berry" <condordes@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200405-14 ] Buffer overflow in Subversion
Date:	Thu, 20 May 2004 18:42:49
Message-Id:	`200405201138.45009.condordes@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200405-14

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Buffer overflow in Subversion

9

      Date: May 20, 2004

10

      Bugs: #51462

11

        ID: 200405-14

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

There is a vulnerability in the Subversion date parsing code which may

19

lead to denial of service attacks, or execution of arbitrary code.

20

Both the client and server are vulnerable.

21

22

Background

23

==========

24

25

Subversion is a version control system intended to eventually replace

26

CVS. Like CVS, it has an optional client-server architecture (where the

27

server can be an Apache server running mod_svn, or an ssh program as in

28

CVS's :ext: method). In addition to supporting the features found in

29

CVS, Subversion also provides support for moving and copying files and

30

directories.

31

32

Affected packages

33

=================

34

35

    -------------------------------------------------------------------

36

     Package              /   Vulnerable   /                Unaffected

37

    -------------------------------------------------------------------

38

  1  dev-util/subversion       <= 1.0.2                       >= 1.0.3

39

40

Description

41

===========

42

43

All releases of Subversion prior to 1.0.3 have a vulnerability in the

44

date-parsing code. This vulnerability may allow denial of service or

45

arbitrary code execution as the Subversion user. Both the client and

46

server are vulnerable, and write access is NOT required to the server's

47

repository.

48

49

Impact

50

======

51

52

All servers and clients are vulnerable. Specifically, clients that

53

allow other users to write to administrative files in a working copy

54

may be exploited. Additionally all servers (whether they are httpd/DAV

55

or svnserve) are vulnerable. Write access to the server is not

56

required; public read-only Subversion servers are also exploitable.

57

58

Workaround

59

==========

60

61

There is no known workaround at this time. All users are encouraged to

62

upgrade to the latest available version.

63

64

Resolution

65

==========

66

67

All Subversion users should upgrade to the latest stable version:

68

69

    # emerge sync

70

71

    # emerge -pv ">=dev-util/subversion-1.0.3"

72

    # emerge ">=dev-util/subversion-1.0.3"

73

74

References

75

==========

76

77

  [ 1 ] Subversion Announcement

78

        http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125

79

  [ 2 ] E-Matters Advisory

80

        http://security.e-matters.de/advisories/082004.html

81

82

Availability

83

============

84

85

This GLSA and any updates to it are available for viewing at

86

the Gentoo Security Website:

87

88

     http://security.gentoo.org/glsa/glsa-200405-14.xml

89

90

Concerns?

91

=========

92

93

Security is a primary focus of Gentoo Linux and ensuring the

94

confidentiality and security of our users machines is of utmost

95

importance to us. Any security concerns should be addressed to

96

security@g.o or alternatively, you may file a bug at

97

http://bugs.gentoo.org.

98

99

License

100

=======

101

102

Copyright 2004 Gentoo Technologies, Inc; referenced text

103

belongs to its owner(s).

104

105

The contents of this document are licensed under the

106

Creative Commons - Attribution / Share Alike license.

107

108

http://creativecommons.org/licenses/by-sa/1.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200405-14
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Buffer overflow in Subversion
9	Date: May 20, 2004
10	Bugs: #51462
11	ID: 200405-14
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	There is a vulnerability in the Subversion date parsing code which may
19	lead to denial of service attacks, or execution of arbitrary code.
20	Both the client and server are vulnerable.
21
22	Background
23	==========
24
25	Subversion is a version control system intended to eventually replace
26	CVS. Like CVS, it has an optional client-server architecture (where the
27	server can be an Apache server running mod_svn, or an ssh program as in
28	CVS's :ext: method). In addition to supporting the features found in
29	CVS, Subversion also provides support for moving and copying files and
30	directories.
31
32	Affected packages
33	=================
34
35	-------------------------------------------------------------------
36	Package / Vulnerable / Unaffected
37	-------------------------------------------------------------------
38	1 dev-util/subversion <= 1.0.2 >= 1.0.3
39
40	Description
41	===========
42
43	All releases of Subversion prior to 1.0.3 have a vulnerability in the
44	date-parsing code. This vulnerability may allow denial of service or
45	arbitrary code execution as the Subversion user. Both the client and
46	server are vulnerable, and write access is NOT required to the server's
47	repository.
48
49	Impact
50	======
51
52	All servers and clients are vulnerable. Specifically, clients that
53	allow other users to write to administrative files in a working copy
54	may be exploited. Additionally all servers (whether they are httpd/DAV
55	or svnserve) are vulnerable. Write access to the server is not
56	required; public read-only Subversion servers are also exploitable.
57
58	Workaround
59	==========
60
61	There is no known workaround at this time. All users are encouraged to
62	upgrade to the latest available version.
63
64	Resolution
65	==========
66
67	All Subversion users should upgrade to the latest stable version:
68
69	# emerge sync
70
71	# emerge -pv ">=dev-util/subversion-1.0.3"
72	# emerge ">=dev-util/subversion-1.0.3"
73
74	References
75	==========
76
77	[ 1 ] Subversion Announcement
78	http://subversion.tigris.org/servlets/ReadMsg?list=announce&msgNo=125
79	[ 2 ] E-Matters Advisory
80	http://security.e-matters.de/advisories/082004.html
81
82	Availability
83	============
84
85	This GLSA and any updates to it are available for viewing at
86	the Gentoo Security Website:
87
88	http://security.gentoo.org/glsa/glsa-200405-14.xml
89
90	Concerns?
91	=========
92
93	Security is a primary focus of Gentoo Linux and ensuring the
94	confidentiality and security of our users machines is of utmost
95	importance to us. Any security concerns should be addressed to
96	security@g.o or alternatively, you may file a bug at
97	http://bugs.gentoo.org.
98
99	License
100	=======
101
102	Copyright 2004 Gentoo Technologies, Inc; referenced text
103	belongs to its owner(s).
104
105	The contents of this document are licensed under the
106	Creative Commons - Attribution / Share Alike license.
107
108	http://creativecommons.org/licenses/by-sa/1.0

Gentoo Archives: gentoo-announce