Subversion.WebDAV.REPORT.Query.Buffer.Overflow
Description
This indicates an attempt to exploit a stack-based buffer overflow in Subversion.
The vulnerability is caused by an input validation error in the date-parsing code. A remote attacker can exploit this by sending a specially crafted DAV2 REPORT query or get-dated-rev svn-protocol command, which may result in the execution of arbitrary code.
Affected Products
Subversion Subversion 1.0.2
Subversion Subversion 1.0.1
Subversion Subversion 1.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the following websites:
Subversion Subversion 1.0
OpenPKG subversion-1.0.0-2.0.2.src.rpm:
ftp://ftp.openpkg.org/release/2.0/UPD/subversion-1.0.0-2.0.2.src.rpm
Subversion 1.0.3:
Subversion Subversion 1.0.1
Subversion 1.0.3:
Subversion Subversion 1.0.2
Subversion 1.0.3:
Coverage
IPS (Regular DB)
IPS (Extended DB)