ID de Prueba:	1.3.6.1.4.1.25623.1.0.880681
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for mod_dav_svn CESA-2009:1203 centos5 i386
Resumen:	The remote host is missing an update for the 'mod_dav_svn'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mod_dav_svn' package(s) announced via the referenced advisory. Vulnerability Insight: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used. Affected Software/OS: mod_dav_svn on CentOS 5 Solution: Please install the updated packages. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2411 1022697 http://www.securitytracker.com/id?1022697 20090807 Subversion heap overflow http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html 35983 http://www.securityfocus.com/bid/35983 36184 http://secunia.com/advisories/36184 36224 http://secunia.com/advisories/36224 36232 http://secunia.com/advisories/36232 36257 http://secunia.com/advisories/36257 36262 http://secunia.com/advisories/36262 56856 http://osvdb.org/56856 ADV-2009-2180 http://www.vupen.com/english/advisories/2009/2180 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1855 http://www.debian.org/security/2009/dsa-1855 FEDORA-2009-8432 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00469.html FEDORA-2009-8449 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00485.html MDVSA-2009:199 http://www.mandriva.com/security/advisories?name=MDVSA-2009:199 RHSA-2009:1203 http://www.redhat.com/support/errata/RHSA-2009-1203.html USN-812-1 http://www.ubuntu.com/usn/usn-812-1 [dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411 http://svn.haxx.se/dev/archive-2009-08/0110.shtml [dev] 20090806 Subversion 1.5.7 Released http://svn.haxx.se/dev/archive-2009-08/0108.shtml [dev] 20090806 Subversion 1.6.4 Released http://svn.haxx.se/dev/archive-2009-08/0107.shtml http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt http://support.apple.com/kb/HT3937 http://svn.collab.net/repos/svn/tags/1.5.7/CHANGES http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES oval:org.mitre.oval:def:11465 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11465
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.