Nessus Plugin #14553

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[GLSA-200407-20] Subversion: Vulnerability in mod_authz_svn

Family:
Gentoo Local Security Checks
Category:
infos
Copyright:
(C) 2004 Michel Arboi
Summary:
Subversion: Vulnerability in mod_authz_svn
Version:
$Revision: 1.1 $
Cve_id:
-
Bugtraq_id:
-
Xrefs:
GLSA:200407-20
Description:
The remote host is affected by the vulnerability described in GLSA-200407-20
(Subversion: Vulnerability in mod_authz_svn)


Users with write access to part of a Subversion repository may bypass read
restrictions on any part of that repository. This can be done using an
"svn copy" command to copy the portion of a repository the user
wishes to read into an area where they have write access.
Since copies are versioned, any such copy attempts will be readily
apparent.

Impact

This is a low-risk vulnerability. It affects only users of Subversion who
are running servers inside Apache and using mod_authz_svn. Additionally,
this vulnerability may be exploited only by users with write access to some
portion of a repository.

Workaround

Keep sensitive content separated into different Subversion repositories, or
disable the Apache Subversion server and use svnserve instead.

References:
http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES


Solution:
All Subversion users should upgrade to the latest available version:
# emerge sync
# emerge -pv ">=dev-util/subversion-1.0.6"
# emerge ">=dev-util/subversion-1.0.6"


Risk Factor : Low
Generated on 27.04.2005 at 18:49:54.