Lucene search

AmazonALAS-2016-676

HistoryMar 29, 2016 - 3:30 p.m.

Important: mod_dav_svn, subversion

2016-03-2915:30:00

alas.aws.amazon.com

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.944 High

EPSS

Percentile

99.2%

JSON

Issue Overview:

It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)

An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. (CVE-2015-5259)

It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184)

It was found that the mod_dav_svn module was vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies, allowing an attacker with write access to a repository to cause a denial of service attack (on 32-bit or 64-bit servers) or possibly execute arbitrary code (on 32-bit servers only) under the context of the httpd process. (CVE-2015-5343)

Affected Packages:

mod_dav_svn, subversion

Issue Correction:
Run yum update mod_dav_svn to update your system.
Run yum update subversion to update your system.

New Packages:

i686:  
    mod_dav_svn-1.8.15-1.52.amzn1.i686  
    mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.i686  
    mod24_dav_svn-1.8.15-1.54.amzn1.i686  
    subversion-tools-1.8.15-1.54.amzn1.i686  
    subversion-1.8.15-1.54.amzn1.i686  
    subversion-python27-1.8.15-1.54.amzn1.i686  
    subversion-javahl-1.8.15-1.54.amzn1.i686  
    subversion-ruby-1.8.15-1.54.amzn1.i686  
    subversion-perl-1.8.15-1.54.amzn1.i686  
    subversion-debuginfo-1.8.15-1.54.amzn1.i686  
    subversion-devel-1.8.15-1.54.amzn1.i686  
    subversion-libs-1.8.15-1.54.amzn1.i686  
    subversion-python26-1.8.15-1.54.amzn1.i686  
  
src:  
    mod_dav_svn-1.8.15-1.52.amzn1.src  
    subversion-1.8.15-1.54.amzn1.src  
  
x86_64:  
    mod_dav_svn-1.8.15-1.52.amzn1.x86_64  
    mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.x86_64  
    subversion-debuginfo-1.8.15-1.54.amzn1.x86_64  
    subversion-devel-1.8.15-1.54.amzn1.x86_64  
    subversion-libs-1.8.15-1.54.amzn1.x86_64  
    subversion-javahl-1.8.15-1.54.amzn1.x86_64  
    subversion-tools-1.8.15-1.54.amzn1.x86_64  
    mod24_dav_svn-1.8.15-1.54.amzn1.x86_64  
    subversion-python26-1.8.15-1.54.amzn1.x86_64  
    subversion-python27-1.8.15-1.54.amzn1.x86_64  
    subversion-ruby-1.8.15-1.54.amzn1.x86_64  
    subversion-1.8.15-1.54.amzn1.x86_64  
    subversion-perl-1.8.15-1.54.amzn1.x86_64

Additional References

Red Hat: CVE-2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2015-5343

Mitre: CVE-2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2015-5343

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686mod_dav_svn< 1.8.15-1.52.amzn1mod_dav_svn-1.8.15-1.52.amzn1.i686.rpm
Amazon Linux1i686mod_dav_svn-debuginfo< 1.8.15-1.52.amzn1mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.i686.rpm
Amazon Linux1i686mod24_dav_svn< 1.8.15-1.54.amzn1mod24_dav_svn-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion-tools< 1.8.15-1.54.amzn1subversion-tools-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion< 1.8.15-1.54.amzn1subversion-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion-python27< 1.8.15-1.54.amzn1subversion-python27-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion-javahl< 1.8.15-1.54.amzn1subversion-javahl-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion-ruby< 1.8.15-1.54.amzn1subversion-ruby-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion-perl< 1.8.15-1.54.amzn1subversion-perl-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux1i686subversion-debuginfo< 1.8.15-1.54.amzn1subversion-debuginfo-1.8.15-1.54.amzn1.i686.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	mod_dav_svn	< 1.8.15-1.52.amzn1	mod_dav_svn-1.8.15-1.52.amzn1.i686.rpm
Amazon Linux	1	i686	mod_dav_svn-debuginfo	< 1.8.15-1.52.amzn1	mod_dav_svn-debuginfo-1.8.15-1.52.amzn1.i686.rpm
Amazon Linux	1	i686	mod24_dav_svn	< 1.8.15-1.54.amzn1	mod24_dav_svn-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-tools	< 1.8.15-1.54.amzn1	subversion-tools-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion	< 1.8.15-1.54.amzn1	subversion-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-python27	< 1.8.15-1.54.amzn1	subversion-python27-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-javahl	< 1.8.15-1.54.amzn1	subversion-javahl-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-ruby	< 1.8.15-1.54.amzn1	subversion-ruby-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-perl	< 1.8.15-1.54.amzn1	subversion-perl-1.8.15-1.54.amzn1.i686.rpm
Amazon Linux	1	i686	subversion-debuginfo	< 1.8.15-1.54.amzn1	subversion-debuginfo-1.8.15-1.54.amzn1.i686.rpm