Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69792
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0862
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2011:0862.

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

An infinite loop flaw was found in the way the mod_dav_svn module processed
certain data sets. If the SVNPathAuthz directive was set to
short_circuit, and path-based access control for files and directories
was enabled, a malicious, remote user could use this flaw to cause the
httpd process serving the request to consume an excessive amount of system
memory. (CVE-2011-1783)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed requests submitted against the URL of a baselined resource. A
malicious, remote user could use this flaw to cause the httpd process
serving the request to crash. (CVE-2011-1752)

An information disclosure flaw was found in the way the mod_dav_svn
module processed certain URLs when path-based access control for files and
directories was enabled. A malicious, remote user could possibly use this
flaw to access certain files in a repository that would otherwise not be
accessible to them. Note: This vulnerability cannot be triggered if the
SVNPathAuthz directive is set to short_circuit. (CVE-2011-1921)

Red Hat would like to thank the Apache Subversion project for reporting
these issues. Upstream acknowledges Joe Schaefer of the Apache Software
Foundation as the original reporter of CVE-2011-1752
Ivan Zhakov of
VisualSVN as the original reporter of CVE-2011-1783
and Kamesh
Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0862.html
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1752
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 48091
http://www.securityfocus.com/bid/48091
Debian Security Information: DSA-2251 (Google Search)
http://www.debian.org/security/2011/dsa-2251
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18922
http://www.redhat.com/support/errata/RHSA-2011-0861.html
http://www.redhat.com/support/errata/RHSA-2011-0862.html
http://www.securitytracker.com/id?1025617
http://secunia.com/advisories/44633
http://secunia.com/advisories/44681
http://secunia.com/advisories/44849
http://secunia.com/advisories/44879
http://secunia.com/advisories/44888
http://secunia.com/advisories/45162
http://www.ubuntu.com/usn/USN-1144-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889
http://www.securitytracker.com/id?1025618
Common Vulnerability Exposure (CVE) ID: CVE-2011-1921
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999
http://www.securitytracker.com/id?1025619
XForce ISS Database: subversion-control-rules-info-disc(67804)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67804
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.