Test ID: | 1.3.6.1.4.1.25623.1.0.64593 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1203 |
Summary: | The remote host is missing updates announced in advisory RHSA-2009:1203. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used. |
Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1203. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2411
1022697 http://www.securitytracker.com/id?1022697
20090807 Subversion heap overflow http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html
35983 http://www.securityfocus.com/bid/35983
36184 http://secunia.com/advisories/36184
36224 http://secunia.com/advisories/36224
36232 http://secunia.com/advisories/36232
36257 http://secunia.com/advisories/36257
36262 http://secunia.com/advisories/36262
56856 http://osvdb.org/56856
ADV-2009-2180 http://www.vupen.com/english/advisories/2009/2180
ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184
APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
DSA-1855 http://www.debian.org/security/2009/dsa-1855
FEDORA-2009-8432 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html
FEDORA-2009-8449 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html
MDVSA-2009:199 http://www.mandriva.com/security/advisories?name=MDVSA-2009:199
RHSA-2009:1203 http://www.redhat.com/support/errata/RHSA-2009-1203.html
USN-812-1 http://www.ubuntu.com/usn/usn-812-1
[dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411 http://svn.haxx.se/dev/archive-2009-08/0110.shtml
[dev] 20090806 Subversion 1.5.7 Released http://svn.haxx.se/dev/archive-2009-08/0108.shtml
[dev] 20090806 Subversion 1.6.4 Released http://svn.haxx.se/dev/archive-2009-08/0107.shtml
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
http://support.apple.com/kb/HT3937
http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES
http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES
oval:org.mitre.oval:def:11465 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
Copyright | Copyright (C) 2009 E-Soft Inc. |