
Test ID: 1.3.6.1.4.1.25623.1.0.120666
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2016-676)
Summary: The remote host is missing an update for the 'mod_dav_svn, subversion' package(s) announced via the ALAS-2016-676 advisory.
Description:

Vulnerability Insight:
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)

An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. (CVE-2015-5259)

It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184)

It was found that the mod_dav_svn module was vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies, allowing an attacker with write access to a repository to cause a denial of service attack (on 32-bit or 64-bit servers) or possibly execute arbitrary code (on 32-bit servers only) under the context of the httpd process. (CVE-2015-5343)

Affected Software/OS:
'mod_dav_svn, subversion' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-3184
http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
BugTraq ID: 76274
http://www.securityfocus.com/bid/76274
Debian Security Information: DSA-3331
http://www.debian.org/security/2015/dsa-3331
https://security.gentoo.org/glsa/201610-05
RedHat Security Advisories: RHSA-2015:1742
http://rhn.redhat.com/errata/RHSA-2015-1742.html
http://www.securitytracker.com/id/1033215
SuSE Security Announcement: openSUSE-SU-2015:1401
http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
http://www.ubuntu.com/usn/USN-2721-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3187
BugTraq ID: 76273
http://www.securityfocus.com/bid/76273
RedHat Security Advisories: RHSA-2015:1633
http://rhn.redhat.com/errata/RHSA-2015-1633.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5259
BugTraq ID: 82300
http://www.securityfocus.com/bid/82300
http://www.securitytracker.com/id/1034469
Common Vulnerability Exposure (CVE) ID: CVE-2015-5343
Debian Security Information: DSA-3424
http://www.debian.org/security/2015/dsa-3424
http://www.securitytracker.com/id/1034470
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.405261
Copyright: Copyright (C) 2016 Greenbone AG
