General : TortoiseSVN Insecure Library Loading Vulnerability

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.801290

Category: General

Title: TortoiseSVN Insecure Library Loading Vulnerability

Summary: Check for the version of TortoiseSVN

Description:
Overview: This host is installed with TortoiseSVN and is prone to insecure
library loading vulnerability.

Vulnerability Insight:
The flaw is due to the application insecurely loading certain
librairies from the current working directory, which could allow attackers
to execute arbitrary code by tricking a user into opening a file from a
network share.

Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code and conduct DLL hijacking attacks.

Impact Level: Application

Affected Software/OS:
TortoiseSVN 1.6.10, Build 19898 and Prior.

Fix: No solution or patch is available as of 16th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://tortoisesvn.net/downloads

References:
http://www.securityfocus.com/archive/1/archive/1/513442/100/0/threaded
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3199
Bugtraq: 20100901 Tortoise SVN DLL Hijacking Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/513442/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/513463/100/0/threaded
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc

Copyright Copyright (c) 2010 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.801290
Category:	General
Title:	TortoiseSVN Insecure Library Loading Vulnerability
Summary:	Check for the version of TortoiseSVN
Description:	Overview: This host is installed with TortoiseSVN and is prone to insecure library loading vulnerability. Vulnerability Insight: The flaw is due to the application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share. Impact: Successful exploitation could allow remote attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application Affected Software/OS: TortoiseSVN 1.6.10, Build 19898 and Prior. Fix: No solution or patch is available as of 16th September, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://tortoisesvn.net/downloads References: http://www.securityfocus.com/archive/1/archive/1/513442/100/0/threaded http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163 http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3199 Bugtraq: 20100901 Tortoise SVN DLL Hijacking Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/513442/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/513463/100/0/threaded http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163 http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc
Copyright	Copyright (c) 2010 Greenbone Networks GmbH