ID CVE-2010-4644
Summary Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
References
Vulnerable Configurations
  • Apache Software Foundation Subversion 1.6.3
    cpe:2.3:a:apache:subversion:1.6.3
  • Apache Software Foundation Subversion 1.6.7
    cpe:2.3:a:apache:subversion:1.6.7
  • Apache Software Foundation Subversion 1.6.6
    cpe:2.3:a:apache:subversion:1.6.6
  • Apache Software Foundation Subversion 1.6.5
    cpe:2.3:a:apache:subversion:1.6.5
  • Apache Software Foundation Subversion 1.6.4
    cpe:2.3:a:apache:subversion:1.6.4
  • Apache Software Foundation Subversion 1.6.9
    cpe:2.3:a:apache:subversion:1.6.9
  • Apache Software Foundation Subversion 1.6.8
    cpe:2.3:a:apache:subversion:1.6.8
  • Apache Software Foundation Subversion Milestone 4/5
    cpe:2.3:a:apache:subversion:m4%2fm5
  • Apache Software Foundation Subversion Milestone 3
    cpe:2.3:a:apache:subversion:m3
  • Apache Software Foundation Subversion Milestone 2
    cpe:2.3:a:apache:subversion:m2
  • Apache Software Foundation Subversion Milestone 1
    cpe:2.3:a:apache:subversion:m1
  • Apache Software Foundation Subversion 1.0.4
    cpe:2.3:a:apache:subversion:1.0.4
  • Apache Software Foundation Subversion 1.0.5
    cpe:2.3:a:apache:subversion:1.0.5
  • Apache Software Foundation Subversion 1.0.2
    cpe:2.3:a:apache:subversion:1.0.2
  • Apache Software Foundation Subversion 1.0.3
    cpe:2.3:a:apache:subversion:1.0.3
  • Apache Software Foundation Subversion 1.0.0
    cpe:2.3:a:apache:subversion:1.0.0
  • Apache Software Foundation Subversion 1.0.1
    cpe:2.3:a:apache:subversion:1.0.1
  • Apache Software Foundation Subversion 0.36.0
    cpe:2.3:a:apache:subversion:0.36.0
  • Apache Software Foundation Subversion 0.37.0
    cpe:2.3:a:apache:subversion:0.37.0
  • Apache Software Foundation Subversion 1.1.2
    cpe:2.3:a:apache:subversion:1.1.2
  • Apache Software Foundation Subversion 1.1.3
    cpe:2.3:a:apache:subversion:1.1.3
  • Apache Software Foundation Subversion 1.1.0
    cpe:2.3:a:apache:subversion:1.1.0
  • Apache Software Foundation Subversion 1.1.1
    cpe:2.3:a:apache:subversion:1.1.1
  • Apache Software Foundation Subversion 1.0.8
    cpe:2.3:a:apache:subversion:1.0.8
  • Apache Software Foundation Subversion 1.0.9
    cpe:2.3:a:apache:subversion:1.0.9
  • Apache Software Foundation Subversion 1.0.6
    cpe:2.3:a:apache:subversion:1.0.6
  • Apache Software Foundation Subversion 1.0.7
    cpe:2.3:a:apache:subversion:1.0.7
  • Apache Software Foundation Subversion 1.3.2
    cpe:2.3:a:apache:subversion:1.3.2
  • Apache Software Foundation Subversion 1.3.1
    cpe:2.3:a:apache:subversion:1.3.1
  • Apache Software Foundation Subversion 1.3.0
    cpe:2.3:a:apache:subversion:1.3.0
  • Apache Software Foundation Subversion 1.2.3
    cpe:2.3:a:apache:subversion:1.2.3
  • Apache Software Foundation Subversion 1.2.2
    cpe:2.3:a:apache:subversion:1.2.2
  • Apache Software Foundation Subversion 1.2.1
    cpe:2.3:a:apache:subversion:1.2.1
  • Apache Software Foundation Subversion 1.2.0
    cpe:2.3:a:apache:subversion:1.2.0
  • Apache Software Foundation Subversion 1.1.4
    cpe:2.3:a:apache:subversion:1.1.4
  • Apache Software Foundation Subversion 1.4.6
    cpe:2.3:a:apache:subversion:1.4.6
  • Apache Software Foundation Subversion 1.4.5
    cpe:2.3:a:apache:subversion:1.4.5
  • Apache Software Foundation Subversion 1.4.4
    cpe:2.3:a:apache:subversion:1.4.4
  • Apache Software Foundation Subversion 1.4.3
    cpe:2.3:a:apache:subversion:1.4.3
  • Apache Software Foundation Subversion 1.4.2
    cpe:2.3:a:apache:subversion:1.4.2
  • Apache Software Foundation Subversion 1.4.1
    cpe:2.3:a:apache:subversion:1.4.1
  • Apache Software Foundation Subversion 1.4.0
    cpe:2.3:a:apache:subversion:1.4.0
  • Apache Software Foundation Subversion 0.18.1
    cpe:2.3:a:apache:subversion:0.18.1
  • Apache Software Foundation Subversion 0.19.0
    cpe:2.3:a:apache:subversion:0.19.0
  • Apache Software Foundation Subversion 0.19.1
    cpe:2.3:a:apache:subversion:0.19.1
  • Apache Software Foundation Subversion 0.20.0
    cpe:2.3:a:apache:subversion:0.20.0
  • Apache Software Foundation Subversion 0.16.1
    cpe:2.3:a:apache:subversion:0.16.1
  • Apache Software Foundation Subversion 0.17.0
    cpe:2.3:a:apache:subversion:0.17.0
  • Apache Software Foundation Subversion 0.17.1
    cpe:2.3:a:apache:subversion:0.17.1
  • Apache Software Foundation Subversion 0.18.0
    cpe:2.3:a:apache:subversion:0.18.0
  • Apache Software Foundation Subversion 0.22.2
    cpe:2.3:a:apache:subversion:0.22.2
  • Apache Software Foundation Subversion 0.23.0
    cpe:2.3:a:apache:subversion:0.23.0
  • Apache Software Foundation Subversion 0.24.0
    cpe:2.3:a:apache:subversion:0.24.0
  • Apache Software Foundation Subversion 0.24.1
    cpe:2.3:a:apache:subversion:0.24.1
  • Apache Software Foundation Subversion 0.20.1
    cpe:2.3:a:apache:subversion:0.20.1
  • Apache Software Foundation Subversion 0.21.0
    cpe:2.3:a:apache:subversion:0.21.0
  • Apache Software Foundation Subversion 0.22.0
    cpe:2.3:a:apache:subversion:0.22.0
  • Apache Software Foundation Subversion 0.22.1
    cpe:2.3:a:apache:subversion:0.22.1
  • Apache Software Foundation Subversion 0.28.1
    cpe:2.3:a:apache:subversion:0.28.1
  • Apache Software Foundation Subversion 0.28.0
    cpe:2.3:a:apache:subversion:0.28.0
  • Apache Software Foundation Subversion 0.29.0
    cpe:2.3:a:apache:subversion:0.29.0
  • Apache Software Foundation Subversion 0.28.2
    cpe:2.3:a:apache:subversion:0.28.2
  • Apache Software Foundation Subversion 0.25.0
    cpe:2.3:a:apache:subversion:0.25.0
  • Apache Software Foundation Subversion 0.24.2
    cpe:2.3:a:apache:subversion:0.24.2
  • Apache Software Foundation Subversion 0.27.0
    cpe:2.3:a:apache:subversion:0.27.0
  • Apache Software Foundation Subversion 0.26.0
    cpe:2.3:a:apache:subversion:0.26.0
  • Apache Software Foundation Subversion 0.34.0
    cpe:2.3:a:apache:subversion:0.34.0
  • Apache Software Foundation Subversion 0.33.1
    cpe:2.3:a:apache:subversion:0.33.1
  • Apache Software Foundation Subversion 0.35.1
    cpe:2.3:a:apache:subversion:0.35.1
  • Apache Software Foundation Subversion 0.35.0
    cpe:2.3:a:apache:subversion:0.35.0
  • Apache Software Foundation Subversion 0.31.0
    cpe:2.3:a:apache:subversion:0.31.0
  • Apache Software Foundation Subversion 0.30.0
    cpe:2.3:a:apache:subversion:0.30.0
  • Apache Software Foundation Subversion 0.33.0
    cpe:2.3:a:apache:subversion:0.33.0
  • Apache Software Foundation Subversion 0.32.1
    cpe:2.3:a:apache:subversion:0.32.1
  • Apache Software Foundation Subversion 1.5.0
    cpe:2.3:a:apache:subversion:1.5.0
  • Apache Software Foundation Subversion 1.5.3
    cpe:2.3:a:apache:subversion:1.5.3
  • Apache Software Foundation Subversion 1.5.4
    cpe:2.3:a:apache:subversion:1.5.4
  • Apache Software Foundation Subversion 1.5.1
    cpe:2.3:a:apache:subversion:1.5.1
  • Apache Software Foundation Subversion 1.5.2
    cpe:2.3:a:apache:subversion:1.5.2
  • Apache Software Foundation Subversion 1.5.8
    cpe:2.3:a:apache:subversion:1.5.8
  • Apache Software Foundation Subversion 1.5.7
    cpe:2.3:a:apache:subversion:1.5.7
  • Apache Software Foundation Subversion 1.5.6
    cpe:2.3:a:apache:subversion:1.5.6
  • Apache Software Foundation Subversion 1.5.5
    cpe:2.3:a:apache:subversion:1.5.5
  • Apache Software Foundation Subversion 1.6.2
    cpe:2.3:a:apache:subversion:1.6.2
  • Apache Software Foundation Subversion 1.6.1
    cpe:2.3:a:apache:subversion:1.6.1
  • Apache Software Foundation Subversion 1.6.0
    cpe:2.3:a:apache:subversion:1.6.0
  • Apache Software Foundation Subversion 1.6.11
    cpe:2.3:a:apache:subversion:1.6.11
  • Apache Software Foundation Subversion 1.6.10
    cpe:2.3:a:apache:subversion:1.6.10
  • Apache Software Foundation Subversion 1.6.13
    cpe:2.3:a:apache:subversion:1.6.13
  • Apache Software Foundation Subversion 1.6.12
    cpe:2.3:a:apache:subversion:1.6.12
  • Apache Software Foundation Subversion 0.9
    cpe:2.3:a:apache:subversion:0.9
  • Apache Software Foundation Subversion 0.8
    cpe:2.3:a:apache:subversion:0.8
  • Apache Software Foundation Subversion 0.7
    cpe:2.3:a:apache:subversion:0.7
  • Apache Software Foundation Subversion 0.6
    cpe:2.3:a:apache:subversion:0.6
  • Apache Software Foundation Subversion 0.14.2
    cpe:2.3:a:apache:subversion:0.14.2
  • Apache Software Foundation Subversion 0.14.3
    cpe:2.3:a:apache:subversion:0.14.3
  • Apache Software Foundation Subversion 0.14.0
    cpe:2.3:a:apache:subversion:0.14.0
  • Apache Software Foundation Subversion 0.14.1
    cpe:2.3:a:apache:subversion:0.14.1
  • Apache Software Foundation Subversion 0.15
    cpe:2.3:a:apache:subversion:0.15
  • Apache Software Foundation Subversion 0.16
    cpe:2.3:a:apache:subversion:0.16
  • Apache Software Foundation Subversion 0.14.4
    cpe:2.3:a:apache:subversion:0.14.4
  • Apache Software Foundation Subversion 0.14.5
    cpe:2.3:a:apache:subversion:0.14.5
  • Apache Software Foundation Subversion 0.10.2
    cpe:2.3:a:apache:subversion:0.10.2
  • Apache Software Foundation Subversion 0.11.1
    cpe:2.3:a:apache:subversion:0.11.1
  • Apache Software Foundation Subversion 0.10.0
    cpe:2.3:a:apache:subversion:0.10.0
  • Apache Software Foundation Subversion 0.10.1
    cpe:2.3:a:apache:subversion:0.10.1
  • Apache Software Foundation Subversion 0.13.1
    cpe:2.3:a:apache:subversion:0.13.1
  • Apache Software Foundation Subversion 0.13.2
    cpe:2.3:a:apache:subversion:0.13.2
  • Apache Software Foundation Subversion 0.12.0
    cpe:2.3:a:apache:subversion:0.12.0
  • Apache Software Foundation Subversion 0.13.0
    cpe:2.3:a:apache:subversion:0.13.0
  • Apache Software Foundation Subversion 1.6.14
    cpe:2.3:a:apache:subversion:1.6.14
CVSS
Base: 3.5 (as of 10-01-2011 - 10:40)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1053-1.NASL
    description It was discovered that Subversion incorrectly handled certain 'partial access' privileges in rare scenarios. Remote authenticated users could use this flaw to obtain sensitive information (revision properties). This issue only applied to Ubuntu 6.06 LTS. (CVE-2007-2448) It was discovered that the Subversion mod_dav_svn module for Apache did not properly handle a named repository as a rule scope. Remote authenticated users could use this flaw to bypass intended restrictions. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315) It was discovered that the Subversion mod_dav_svn module for Apache incorrectly handled the walk function. Remote authenticated users could use this flaw to cause the service to crash, leading to a denial of service. (CVE-2010-4539) It was discovered that Subversion incorrectly handled certain memory operations. Remote authenticated users could use this flaw to consume large quantities of memory and cause the service to crash, leading to a denial of service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-4644). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 51846
    published 2011-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51846
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBSVN_AUTH_GNOME_KEYRING-1-0-110119.NASL
    description The subversion server could be crashed by clients inside SVNParentPath(). Additionally an Out Of Memory condition via 'blame -g' has been fixed. CVE-2010-4539 and CVE-2010-4644 have been assigned to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53759
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53759
    title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0136-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_716120991E9311E0A587001B77D09812.NASL
    description Entry for CVE-2010-4539 says : The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Entry for CVE-2010-4644 says : Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51520
    published 2011-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51520
    title FreeBSD : subversion -- multiple DoS (71612099-1e93-11e0-a587-001b77d09812)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0257.NASL
    description Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53420
    published 2011-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53420
    title CentOS 5 : subversion (CESA-2011:0257)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110215_SUBVERSION_ON_SL5_X.NASL
    description A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60954
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60954
    title Scientific Linux Security Update : subversion on SL5.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-11 (Subversion: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition or obtain sensitive information. A local attacker could escalate his privileges to the user running svnserve. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70084
    published 2013-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70084
    title GLSA-201309-11 : Subversion: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0257.NASL
    description Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 51994
    published 2011-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51994
    title RHEL 5 : subversion (RHSA-2011:0257)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110215_SUBVERSION_ON_SL6_X.NASL
    description An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to 'short_circuit', certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to 'On' by default. (CVE-2010-3315) A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60955
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60955
    title Scientific Linux Security Update : subversion on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0257.NASL
    description From Red Hat Security Advisory 2011:0257 : Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module (for use with the Apache HTTP Server) processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68199
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68199
    title Oracle Linux 5 : subversion (ELSA-2011-0257)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBSVN_AUTH_GNOME_KEYRING-1-0-110119.NASL
    description The subversion server could be crashed by clients inside SVNParentPath(). Additionally an Out Of Memory condition via 'blame -g' has been fixed. CVE-2010-4539 and CVE-2010-4644 have been assigned to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75616
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75616
    title openSUSE Security Update : libsvn_auth_gnome_keyring-1-0 (openSUSE-SU-2011:0136-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-006.NASL
    description Multiple vulnerabilities has been found and corrected in subversion : The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections (CVE-2010-4539). Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command (CVE-2010-4644). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been upgraded to the latest versions (1.5.9, 1.6.15) which is not affected by these issues and in turn contains many bugfixes as well.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 51798
    published 2011-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51798
    title Mandriva Linux Security Advisory : subversion (MDVSA-2011:006)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-0099.NASL
    description This release includes the latest Subversion release, fixing several bugs : - improve svnsync handling of dir copies - hide unreadable dirs in mod_dav_svn's GET response - make 'svnmucc propsetf' actually work - limit memory fragmentation in svnserve - fix 'svn export' regression from 1.6.13 - fix 'svn export' mistakenly uri-encodes paths - fix server-side memory leaks triggered by 'blame -g' - prevent crash in mod_dav_svn when using SVNParentPath - allow 'log -g' to continue in the face of invalid mergeinfo - filter unreadable paths for 'svn ls' and 'svn co' - fix abort in 'svn blame -g' - fix file handle leak in ruby bindings - remove check for 1.7-style working copies Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 51565
    published 2011-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51565
    title Fedora 14 : subversion-1.6.15-1.fc14 (2011-0099)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0258.NASL
    description From Red Hat Security Advisory 2011:0258 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to 'short_circuit', certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to 'On' by default. (CVE-2010-3315) A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68200
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68200
    title Oracle Linux 6 : subversion (ELSA-2011-0258)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0258.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to 'short_circuit', certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to 'On' by default. (CVE-2010-3315) A server-side memory leak was found in the Subversion server. If a malicious, remote user performed 'svn blame' or 'svn log' operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644) A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539) All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 51995
    published 2011-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51995
    title RHEL 6 : subversion (RHSA-2011:0258)
redhat via4
advisories
  • bugzilla
    id 667763
    title CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.6.11-7.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110257004
        • comment mod_dav_svn is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039009
      • AND
        • comment subversion is earlier than 0:1.6.11-7.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110257002
        • comment subversion is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039003
      • AND
        • comment subversion-devel is earlier than 0:1.6.11-7.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110257006
        • comment subversion-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039007
      • AND
        • comment subversion-javahl is earlier than 0:1.6.11-7.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110257010
        • comment subversion-javahl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039005
      • AND
        • comment subversion-perl is earlier than 0:1.6.11-7.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110257012
        • comment subversion-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039013
      • AND
        • comment subversion-ruby is earlier than 0:1.6.11-7.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110257008
        • comment subversion-ruby is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039011
    rhsa
    id RHSA-2011:0257
    released 2011-02-15
    severity Moderate
    title RHSA-2011:0257: subversion security update (Moderate)
  • bugzilla
    id 667763
    title CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258013
        • comment mod_dav_svn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258014
      • AND
        • comment subversion is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258005
        • comment subversion is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258006
      • AND
        • comment subversion-devel is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258019
        • comment subversion-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258020
      • AND
        • comment subversion-gnome is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258017
        • comment subversion-gnome is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258018
      • AND
        • comment subversion-javahl is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258021
        • comment subversion-javahl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258022
      • AND
        • comment subversion-kde is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258009
        • comment subversion-kde is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258010
      • AND
        • comment subversion-perl is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258015
        • comment subversion-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258016
      • AND
        • comment subversion-ruby is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258007
        • comment subversion-ruby is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258008
      • AND
        • comment subversion-svn2cl is earlier than 0:1.6.11-2.el6_0.2
          oval oval:com.redhat.rhsa:tst:20110258011
        • comment subversion-svn2cl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258012
    rhsa
    id RHSA-2011:0258
    released 2011-02-15
    severity Moderate
    title RHSA-2011:0258: subversion security update (Moderate)
rpms
  • mod_dav_svn-0:1.6.11-7.el5_6.1
  • subversion-0:1.6.11-7.el5_6.1
  • subversion-devel-0:1.6.11-7.el5_6.1
  • subversion-javahl-0:1.6.11-7.el5_6.1
  • subversion-perl-0:1.6.11-7.el5_6.1
  • subversion-ruby-0:1.6.11-7.el5_6.1
  • mod_dav_svn-0:1.6.11-2.el6_0.2
  • subversion-0:1.6.11-2.el6_0.2
  • subversion-devel-0:1.6.11-2.el6_0.2
  • subversion-gnome-0:1.6.11-2.el6_0.2
  • subversion-javahl-0:1.6.11-2.el6_0.2
  • subversion-kde-0:1.6.11-2.el6_0.2
  • subversion-perl-0:1.6.11-2.el6_0.2
  • subversion-ruby-0:1.6.11-2.el6_0.2
  • subversion-svn2cl-0:1.6.11-2.el6_0.2
refmap via4
bid 45655
confirm
fedora FEDORA-2011-0099
mandriva MDVSA-2011:006
mlist
  • [dev] 20101104 "svn blame -g" causing svnserve to hang & mem usage to hit 2GB
  • [oss-security] 20110102 CVE request for subversion
  • [oss-security] 20110104 Re: CVE request for subversion
  • [oss-security] 20110105 Re: CVE request for subversion
  • [subversion-users] 20101104 svnserve.exe (Win32) using 2GB of memory and then crashing?
  • [www-announce] 20101124 Apache Subversion 1.6.15 Released
sectrack 1024935
secunia
  • 42780
  • 42969
  • 43115
  • 43139
  • 43346
suse SUSE-SR:2011:005
ubuntu USN-1053-1
vupen
  • ADV-2011-0015
  • ADV-2011-0103
  • ADV-2011-0162
  • ADV-2011-0264
xf subversion-blameg-dos(64473)
Last major update 11-02-2014 - 23:24
Published 07-01-2011 - 14:00
Last modified 16-08-2017 - 21:33
Back to Top