English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68736
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2011:006 (subversion)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to subversion
announced via advisory MDVSA-2011:006.

Multiple vulnerabilities has been found and corrected in subversion:

The walk function in repos.c in the mod_dav_svn module for the Apache
HTTP Server, as distributed in Apache Subversion before 1.6.15,
allows remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via vectors that trigger the
walking of SVNParentPath collections (CVE-2010-4539).

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15
allow remote authenticated users to cause a denial of service (memory
consumption and daemon crash) via the -g option to the blame command
(CVE-2010-4644).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the latest versions (1.5.9,
1.6.15) which is not affected by these issues and in turn contains
many bugfixes as well.

Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:006
http://svn.apache.org/repos/asf/subversion/tags/1.5.9/CHANGES
http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4539
1024934
http://www.securitytracker.com/id?1024934
42780
http://secunia.com/advisories/42780
42969
http://secunia.com/advisories/42969
43115
http://secunia.com/advisories/43115
43139
http://secunia.com/advisories/43139
43346
http://secunia.com/advisories/43346
45655
http://www.securityfocus.com/bid/45655
ADV-2011-0015
http://www.vupen.com/english/advisories/2011/0015
ADV-2011-0103
http://www.vupen.com/english/advisories/2011/0103
ADV-2011-0162
http://www.vupen.com/english/advisories/2011/0162
ADV-2011-0264
http://www.vupen.com/english/advisories/2011/0264
FEDORA-2011-0099
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html
MDVSA-2011:006
http://www.mandriva.com/security/advisories?name=MDVSA-2011:006
RHSA-2011:0257
http://www.redhat.com/support/errata/RHSA-2011-0257.html
RHSA-2011:0258
http://www.redhat.com/support/errata/RHSA-2011-0258.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1053-1
http://www.ubuntu.com/usn/USN-1053-1
[oss-security] 20110102 CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/02/1
[oss-security] 20110103 Re: CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/03/9
[oss-security] 20110104 Re: CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/04/10
http://openwall.com/lists/oss-security/2011/01/04/8
[oss-security] 20110105 Re: CVE request for subversion
http://openwall.com/lists/oss-security/2011/01/05/4
[subversion-users] 20101104 apache coredump in mod_dav_svn
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C3923B919-C2BE-41AD-84ED-7207837FAD1A%40ncsa.illinois.edu%3E
[www-announce] 20101124 Apache Subversion 1.6.15 Released
http://mail-archives.apache.org/mod_mbox/www-announce/201011.mbox/%3CAANLkTi=5+NOi-Cp=fKCx6mAW-TofFVW=ikEQkXgQB8Bt%40mail.gmail.com%3E
http://svn.apache.org/repos/asf/subversion/tags/1.6.15/CHANGES
http://svn.apache.org/viewvc?view=revision&revision=1033166
https://bugzilla.redhat.com/show_bug.cgi?id=667407
subversion-walk-dos(64472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64472
Common Vulnerability Exposure (CVE) ID: CVE-2010-4644
1024935
http://www.securitytracker.com/id?1024935
[dev] 20101104 "svn blame -g" causing svnserve to hang & mem usage to hit 2GB
http://svn.haxx.se/dev/archive-2010-11/0102.shtml
[subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing?
http://mail-archives.apache.org/mod_mbox/subversion-users/201011.mbox/%3C4CD33B61.7030203%40thepond.com%3E
http://svn.apache.org/viewvc?view=revision&revision=1032808
subversion-blameg-dos(64473)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64473
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.