ID CVE-2009-2411
Summary Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
References
Vulnerable Configurations
  • cpe:2.3:a:subversion:subversion:1.0.7
    cpe:2.3:a:subversion:subversion:1.0.7
  • cpe:2.3:a:subversion:subversion:1.0.6
    cpe:2.3:a:subversion:subversion:1.0.6
  • cpe:2.3:a:subversion:subversion:1.0.5
    cpe:2.3:a:subversion:subversion:1.0.5
  • cpe:2.3:a:subversion:subversion:1.0.4
    cpe:2.3:a:subversion:subversion:1.0.4
  • cpe:2.3:a:subversion:subversion:1.1.0_rc1
    cpe:2.3:a:subversion:subversion:1.1.0_rc1
  • cpe:2.3:a:subversion:subversion:1.0.2
    cpe:2.3:a:subversion:subversion:1.0.2
  • cpe:2.3:a:subversion:subversion:1.0.3
    cpe:2.3:a:subversion:subversion:1.0.3
  • cpe:2.3:a:subversion:subversion:1.0
    cpe:2.3:a:subversion:subversion:1.0
  • cpe:2.3:a:subversion:subversion:1.0.1
    cpe:2.3:a:subversion:subversion:1.0.1
  • cpe:2.3:a:subversion:subversion:1.4.4
    cpe:2.3:a:subversion:subversion:1.4.4
  • cpe:2.3:a:subversion:subversion:1.4.3
    cpe:2.3:a:subversion:subversion:1.4.3
  • cpe:2.3:a:subversion:subversion:1.1.0_rc3
    cpe:2.3:a:subversion:subversion:1.1.0_rc3
  • cpe:2.3:a:subversion:subversion:1.1.0_rc2
    cpe:2.3:a:subversion:subversion:1.1.0_rc2
  • cpe:2.3:a:subversion:subversion:1.5.6
    cpe:2.3:a:subversion:subversion:1.5.6
  • cpe:2.3:a:subversion:subversion:1.5.5
    cpe:2.3:a:subversion:subversion:1.5.5
  • cpe:2.3:a:subversion:subversion:1.5.4
    cpe:2.3:a:subversion:subversion:1.5.4
  • cpe:2.3:a:subversion:subversion:1.5.3
    cpe:2.3:a:subversion:subversion:1.5.3
  • cpe:2.3:a:subversion:subversion:1.4.2
    cpe:2.3:a:subversion:subversion:1.4.2
  • cpe:2.3:a:subversion:subversion:1.5.1
    cpe:2.3:a:subversion:subversion:1.5.1
  • cpe:2.3:a:subversion:subversion:1.5.0
    cpe:2.3:a:subversion:subversion:1.5.0
  • cpe:2.3:a:subversion:subversion:1.4.5
    cpe:2.3:a:subversion:subversion:1.4.5
  • cpe:2.3:a:subversion:subversion:1.4.1
    cpe:2.3:a:subversion:subversion:1.4.1
  • cpe:2.3:a:subversion:subversion:1.4.0
    cpe:2.3:a:subversion:subversion:1.4.0
  • cpe:2.3:a:subversion:subversion:1.3.2
    cpe:2.3:a:subversion:subversion:1.3.2
  • cpe:2.3:a:subversion:subversion:1.3.1
    cpe:2.3:a:subversion:subversion:1.3.1
  • cpe:2.3:a:subversion:subversion:1.3.0
    cpe:2.3:a:subversion:subversion:1.3.0
  • cpe:2.3:a:subversion:subversion:1.2.3
    cpe:2.3:a:subversion:subversion:1.2.3
  • cpe:2.3:a:subversion:subversion:1.2.1
    cpe:2.3:a:subversion:subversion:1.2.1
  • cpe:2.3:a:subversion:subversion:1.2.2
    cpe:2.3:a:subversion:subversion:1.2.2
  • cpe:2.3:a:subversion:subversion:1.2.0
    cpe:2.3:a:subversion:subversion:1.2.0
  • cpe:2.3:a:subversion:subversion:1.1.4
    cpe:2.3:a:subversion:subversion:1.1.4
  • cpe:2.3:a:subversion:subversion:1.1.3
    cpe:2.3:a:subversion:subversion:1.1.3
  • cpe:2.3:a:subversion:subversion:1.1.2
    cpe:2.3:a:subversion:subversion:1.1.2
  • cpe:2.3:a:subversion:subversion:1.1.1
    cpe:2.3:a:subversion:subversion:1.1.1
  • cpe:2.3:a:subversion:subversion:1.0.9
    cpe:2.3:a:subversion:subversion:1.0.9
  • cpe:2.3:a:subversion:subversion:1.1.0
    cpe:2.3:a:subversion:subversion:1.1.0
  • cpe:2.3:a:subversion:subversion:1.0.8
    cpe:2.3:a:subversion:subversion:1.0.8
  • cpe:2.3:a:subversion:subversion:1.0.0
    cpe:2.3:a:subversion:subversion:1.0.0
  • cpe:2.3:a:subversion:subversion:0.37.0
    cpe:2.3:a:subversion:subversion:0.37.0
  • cpe:2.3:a:subversion:subversion:0.35.1
    cpe:2.3:a:subversion:subversion:0.35.1
  • cpe:2.3:a:subversion:subversion:0.35.0
    cpe:2.3:a:subversion:subversion:0.35.0
  • cpe:2.3:a:subversion:subversion:0.36.0
    cpe:2.3:a:subversion:subversion:0.36.0
  • cpe:2.3:a:subversion:subversion:0.34.0
    cpe:2.3:a:subversion:subversion:0.34.0
  • cpe:2.3:a:subversion:subversion:0.33.1
    cpe:2.3:a:subversion:subversion:0.33.1
  • cpe:2.3:a:subversion:subversion:0.33.0
    cpe:2.3:a:subversion:subversion:0.33.0
  • cpe:2.3:a:subversion:subversion:0.32.1
    cpe:2.3:a:subversion:subversion:0.32.1
  • cpe:2.3:a:subversion:subversion:0.32.0
    cpe:2.3:a:subversion:subversion:0.32.0
  • cpe:2.3:a:subversion:subversion:0.31.0
    cpe:2.3:a:subversion:subversion:0.31.0
  • cpe:2.3:a:subversion:subversion:0.30.0
    cpe:2.3:a:subversion:subversion:0.30.0
  • cpe:2.3:a:subversion:subversion:0.29.0
    cpe:2.3:a:subversion:subversion:0.29.0
  • cpe:2.3:a:subversion:subversion:0.28.2
    cpe:2.3:a:subversion:subversion:0.28.2
  • cpe:2.3:a:subversion:subversion:0.28.1
    cpe:2.3:a:subversion:subversion:0.28.1
  • cpe:2.3:a:subversion:subversion:0.28.0
    cpe:2.3:a:subversion:subversion:0.28.0
  • cpe:2.3:a:subversion:subversion:0.27.0
    cpe:2.3:a:subversion:subversion:0.27.0
  • cpe:2.3:a:subversion:subversion:0.25.0
    cpe:2.3:a:subversion:subversion:0.25.0
  • cpe:2.3:a:subversion:subversion:0.24.1
    cpe:2.3:a:subversion:subversion:0.24.1
  • cpe:2.3:a:subversion:subversion:0.24.2
    cpe:2.3:a:subversion:subversion:0.24.2
  • cpe:2.3:a:subversion:subversion:0.24.0
    cpe:2.3:a:subversion:subversion:0.24.0
  • cpe:2.3:a:subversion:subversion:0.23.0
    cpe:2.3:a:subversion:subversion:0.23.0
  • cpe:2.3:a:subversion:subversion:0.22.1
    cpe:2.3:a:subversion:subversion:0.22.1
  • cpe:2.3:a:subversion:subversion:1.6.3
    cpe:2.3:a:subversion:subversion:1.6.3
  • cpe:2.3:a:subversion:subversion:1.6.2
    cpe:2.3:a:subversion:subversion:1.6.2
  • cpe:2.3:a:subversion:subversion:1.6.1
    cpe:2.3:a:subversion:subversion:1.6.1
  • cpe:2.3:a:subversion:subversion:1.6.0
    cpe:2.3:a:subversion:subversion:1.6.0
CVSS
Base: 8.5 (as of 10-08-2009 - 09:01)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id SUBVERSION_1_6_4.NASL
    description The installed version of Subversion Client or Server is affected by multiple heap overflow issues. Specifically, the 'libsvn_delta' library fails to perform sufficient boundary checks before processing certain svndiff streams. An attacker with commit access to a vulnerable Subversion server can exploit this vulnerability from a Subversion client to trigger a heap overflow on the server. Typically such an attack would result in a denial of service condition or arbitrary code execution on the remote server. An attacker can also trigger this issue from a rogue Subversion server on a Subversion client in response to a checkout or update request.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40620
    published 2009-08-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40620
    title Apache Subversion < 1.6.4 'libsvn_delta' Library Binary Delta svndiff Stream Parsing Multiple Overflows
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_SUBVERSION-090810.NASL
    description This version upgrade of subversion to 1.5.7 fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411) Version 1.5.7 also fixes various non-security bugs.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40588
    published 2009-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40588
    title openSUSE Security Update : subversion (subversion-1185)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-199.NASL
    description A vulnerability has been found and corrected in subversion : Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412 (CVE-2009-2411). This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 40540
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40540
    title Mandriva Linux Security Advisory : subversion (MDVSA-2009:199-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090810_SUBVERSION_ON_SL4_X.NASL
    description CVE-2009-2411 subversion: multiple heap overflow issues Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60638
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60638
    title Scientific Linux Security Update : subversion on SL4.x, SL5.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BCE1F76D82D011DE88EA001A4D49522B.NASL
    description A Subversion Security Advisory reports : Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update. This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40508
    published 2009-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40508
    title FreeBSD : subversion -- heap overflow vulnerability (bce1f76d-82d0-11de-88ea-001a4d49522b)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CVS2SVN-6423.NASL
    description This update of subversion fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 51720
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51720
    title SuSE 10 Security Update : subversion (ZYPP Patch Number 6423)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200908-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200908-05 (Subversion: Remote execution of arbitrary code) Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Impact : A remote attacker with commit access could exploit this vulnerability by sending a specially crafted commit to a Subversion server, or a remote attacker could entice a user to check out or update a repository from a malicious Subversion server, possibly resulting in the execution of arbitrary code with the privileges of the user running the server or client. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 40630
    published 2009-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40630
    title GLSA-200908-05 : Subversion: Remote execution of arbitrary code
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1203.NASL
    description From Red Hat Security Advisory 2009:1203 : Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67906
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67906
    title Oracle Linux 4 / 5 : subversion (ELSA-2009-1203)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-812-1.NASL
    description Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40528
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40528
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : subversion vulnerability (USN-812-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8432.NASL
    description This update includes the latest stable release of Subversion, including several enhancements, many bug fixes, and a fix for a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious users with commit access to a vulnerable server could uses these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) Version 1.6 offers many bug fixes and enhancements over 1.5, with the notable major features: - identical files share storage space in repository - file-externals support for intra-repository files - 'tree' conflicts now handled more gracefully - repository root relative URL support on most commands For more information on changes in 1.6, see the release notes: http://subversion.tigris.org/svn_1.6_releasenotes.html This update includes the latest release of Subversion, version 1.6.2. Version 1.6 offers many bug fixes and enhancements over 1.5, with the notable major features: * identical files share storage space in repository * file- externals support for intra-repository files * 'tree' conflicts now handled more gracefully * repository root relative URL support on most commands Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 40534
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40534
    title Fedora 10 : subversion-1.6.4-2.fc10 (2009-8432)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1203.NASL
    description Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40541
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40541
    title RHEL 4 / 5 : subversion (RHSA-2009:1203)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SUBVERSION-6418.NASL
    description This update of subversion some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42036
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42036
    title openSUSE 10 Security Update : subversion (subversion-6418)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_SUBVERSION-090810.NASL
    description This version upgrade of subversion to 1.5.7 fixes some buffer overflows in the client and server code that can occur while parsing binary diffs. (CVE-2009-2411) Version 1.5.7 also fixes various non-security bugs.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40589
    published 2009-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40589
    title openSUSE Security Update : subversion (subversion-1185)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1855.NASL
    description Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44720
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44720
    title Debian DSA-1855-1 : subversion - heap overflow
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1203.NASL
    description Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion (server and client) when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution. (CVE-2009-2411) All Subversion users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43775
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43775
    title CentOS 5 : subversion (CESA-2009:1203)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8449.NASL
    description This update includes the latest stable release of Subversion, fixing many bugs and a security issue: Matt Lewis reported multiple heap overflow flaws in Subversion (servers and clients) when parsing binary deltas. Malicious users with commit access to a vulnerable server could uses these flaws to cause a heap overflow on the server running Subversion. A malicious Subversion server could use these flaws to cause a heap overflow on vulnerable clients when they attempt to checkout or update, resulting in a crash or, possibly, arbitrary code execution on the vulnerable client. (CVE-2009-2411) This update also adds support for storing passwords in the GNOME Keyring or KDE Wallet, via the new subversion-gnome and subversion-kde subpackages. For more details of the bug fixes included in this update, see: http://svn.collab.net/repos/svn/tags/1.6.4/CHANGES Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 40536
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40536
    title Fedora 11 : subversion-1.6.4-2.fc11 (2009-8449)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-219-01.NASL
    description New subversion packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2015-03-19
    plugin id 40511
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40511
    title Slackware 12.0 / 12.1 / 12.2 / current : subversion (SSA:2009-219-01)
oval via4
accepted 2013-04-29T04:14:14.421-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
family unix
id oval:org.mitre.oval:def:11465
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
version 24
redhat via4
advisories
bugzilla
id 514744
title CVE-2009-2411 subversion: multiple heap overflow issues
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203004
        • comment mod_dav_svn is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203005
      • AND
        • comment subversion is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203002
        • comment subversion is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203003
      • AND
        • comment subversion-devel is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203006
        • comment subversion-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203007
      • AND
        • comment subversion-perl is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203008
        • comment subversion-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203009
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203019
        • comment mod_dav_svn is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039009
      • AND
        • comment subversion is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203011
        • comment subversion is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039003
      • AND
        • comment subversion-devel is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203015
        • comment subversion-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039007
      • AND
        • comment subversion-javahl is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203013
        • comment subversion-javahl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039005
      • AND
        • comment subversion-perl is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203021
        • comment subversion-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039013
      • AND
        • comment subversion-ruby is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203017
        • comment subversion-ruby is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039011
rhsa
id RHSA-2009:1203
released 2009-08-10
severity Important
title RHSA-2009:1203: subversion security update (Important)
rpms
  • mod_dav_svn-0:1.1.4-3.el4_8.2
  • subversion-0:1.1.4-3.el4_8.2
  • subversion-devel-0:1.1.4-3.el4_8.2
  • subversion-perl-0:1.1.4-3.el4_8.2
  • mod_dav_svn-0:1.4.2-4.el5_3.1
  • subversion-0:1.4.2-4.el5_3.1
  • subversion-devel-0:1.4.2-4.el5_3.1
  • subversion-javahl-0:1.4.2-4.el5_3.1
  • subversion-perl-0:1.4.2-4.el5_3.1
  • subversion-ruby-0:1.4.2-4.el5_3.1
refmap via4
apple APPLE-SA-2009-11-09-1
bid 35983
bugtraq 20090807 Subversion heap overflow
confirm
debian DSA-1855
fedora
  • FEDORA-2009-8432
  • FEDORA-2009-8449
mandriva MDVSA-2009:199
mlist
  • [dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411
  • [dev] 20090806 Subversion 1.5.7 Released
  • [dev] 20090806 Subversion 1.6.4 Released
osvdb 56856
sectrack 1022697
secunia
  • 36184
  • 36224
  • 36232
  • 36257
  • 36262
ubuntu USN-812-1
vupen
  • ADV-2009-2180
  • ADV-2009-3184
Last major update 21-08-2010 - 01:33
Published 07-08-2009 - 15:30
Last modified 18-09-2017 - 21:29
Back to Top