Nessus Plugin #15406
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[GLSA-200409-35] Subversion: Metadata information leak
- Family: Gentoo Local Security Checks
- Category: infos
- Copyright: (C) 2004 Michel Arboi
- Summary: Subversion: Metadata information leak
- Version: $Revision: 1.1 $
- Cve_id: CAN-2004-0749
- Bugtraq_id: 11243
- Xrefs: GLSA:200409-35
- Description: The remote host is affected by the vulnerability described in GLSA-200409-35 (Subversion: Metadata information leak)
There is a bug in mod_authz_svn that causes it to reveal logged metadata
regarding commits to protected areas.
Impact
Protected files themselves will not be revealed, but an attacker could use
the metadata to reveal the existence of protected areas, such as paths,
file versions, and the commit logs from those areas.
Workaround
Rather than using mod_authz_svn, move protected areas into separate
repositories and use native Apache authentication to make these
repositories unreadable.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0749
http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt
Solution:
All Subversion users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=dev-util/subversion-1.0.8"
# emerge ">=dev-util/subversion-1.0.8"
Risk factor : Low
Generated on 27.04.2005 at 18:49:54.