ID CVE-2009-2411
Summary Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
References
Vulnerable Configurations
  • cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.32.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.33.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.35.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:0.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.0_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:subversion:subversion:1.6.3:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:14:14.421-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
family unix
id oval:org.mitre.oval:def:11465
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
version 24
redhat via4
advisories
bugzilla
id 514744
title CVE-2009-2411 subversion: multiple heap overflow issues
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203004
        • comment mod_dav_svn is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203005
      • AND
        • comment subversion is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203002
        • comment subversion is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203003
      • AND
        • comment subversion-devel is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203006
        • comment subversion-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203007
      • AND
        • comment subversion-perl is earlier than 0:1.1.4-3.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091203008
        • comment subversion-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20091203009
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203019
        • comment mod_dav_svn is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039009
      • AND
        • comment subversion is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203011
        • comment subversion is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039003
      • AND
        • comment subversion-devel is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203015
        • comment subversion-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039007
      • AND
        • comment subversion-javahl is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203013
        • comment subversion-javahl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039005
      • AND
        • comment subversion-perl is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203021
        • comment subversion-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039013
      • AND
        • comment subversion-ruby is earlier than 0:1.4.2-4.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091203017
        • comment subversion-ruby is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhea:tst:20110039011
rhsa
id RHSA-2009:1203
released 2009-08-10
severity Important
title RHSA-2009:1203: subversion security update (Important)
rpms
  • mod_dav_svn-0:1.1.4-3.el4_8.2
  • subversion-0:1.1.4-3.el4_8.2
  • subversion-devel-0:1.1.4-3.el4_8.2
  • subversion-perl-0:1.1.4-3.el4_8.2
  • mod_dav_svn-0:1.4.2-4.el5_3.1
  • subversion-0:1.4.2-4.el5_3.1
  • subversion-devel-0:1.4.2-4.el5_3.1
  • subversion-javahl-0:1.4.2-4.el5_3.1
  • subversion-perl-0:1.4.2-4.el5_3.1
  • subversion-ruby-0:1.4.2-4.el5_3.1
refmap via4
apple APPLE-SA-2009-11-09-1
bid 35983
bugtraq 20090807 Subversion heap overflow
confirm
debian DSA-1855
fedora
  • FEDORA-2009-8432
  • FEDORA-2009-8449
mandriva MDVSA-2009:199
mlist
  • [dev] 20090806 Patch to 1.4.x branch for CVE-2009-2411
  • [dev] 20090806 Subversion 1.5.7 Released
  • [dev] 20090806 Subversion 1.6.4 Released
osvdb 56856
sectrack 1022697
secunia
  • 36184
  • 36224
  • 36232
  • 36257
  • 36262
ubuntu USN-812-1
vupen
  • ADV-2009-2180
  • ADV-2009-3184
Last major update 19-09-2017 - 01:29
Published 07-08-2009 - 19:30
Back to Top