ID CVE-2017-9800
Summary A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
CVSS
Base: None
redhat via4
advisories
bugzilla
id 1479686
title CVE-2017-9800 subversion: Command injection through clients via malicious svn+ssh URLs
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment mod_dav_svn is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480023
      • comment mod_dav_svn is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258014
    • AND
      • comment subversion is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480017
      • comment subversion is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258006
    • AND
      • comment subversion-devel is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480005
      • comment subversion-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258020
    • AND
      • comment subversion-gnome is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480025
      • comment subversion-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258018
    • AND
      • comment subversion-javahl is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480011
      • comment subversion-javahl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258022
    • AND
      • comment subversion-kde is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480021
      • comment subversion-kde is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258010
    • AND
      • comment subversion-libs is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480009
      • comment subversion-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166014
    • AND
      • comment subversion-perl is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480007
      • comment subversion-perl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258016
    • AND
      • comment subversion-python is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480019
      • comment subversion-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166012
    • AND
      • comment subversion-ruby is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480013
      • comment subversion-ruby is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258008
    • AND
      • comment subversion-tools is earlier than 0:1.7.14-11.el7_4
        oval oval:com.redhat.rhsa:tst:20172480015
      • comment subversion-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166022
rhsa
id RHSA-2017:2480
released 2017-08-15
severity Important
title RHSA-2017:2480: subversion security update (Important)
rpms
  • mod_dav_svn-0:1.7.14-11.el7_4
  • subversion-0:1.7.14-11.el7_4
  • subversion-devel-0:1.7.14-11.el7_4
  • subversion-gnome-0:1.7.14-11.el7_4
  • subversion-javahl-0:1.7.14-11.el7_4
  • subversion-kde-0:1.7.14-11.el7_4
  • subversion-libs-0:1.7.14-11.el7_4
  • subversion-perl-0:1.7.14-11.el7_4
  • subversion-python-0:1.7.14-11.el7_4
  • subversion-ruby-0:1.7.14-11.el7_4
  • subversion-tools-0:1.7.14-11.el7_4
refmap via4
bid 100259
confirm https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
mlist [announce] 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released
sectrack 1039127
Last major update 11-08-2017 - 17:29
Published 11-08-2017 - 17:29
Last modified 12-08-2017 - 21:29