7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.129 Low
EPSS
Percentile
95.5%
Joern Schneeweisz discovered that Subversion did not properly handle host names in ‘svn+ssh://’ URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. (CVE-2017-9800)
Daniel Shahaf and James McCoy discovered that Subversion did not properly verify realms when using Cyrus SASL authentication. A remote attacker could use this to possibly bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2167)
Florian Weimer discovered that Subversion clients did not properly restrict XML entity expansion when accessing http(s):// URLs. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3388-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(102424);
script_version("3.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id("CVE-2016-2167", "CVE-2016-8734", "CVE-2017-9800");
script_xref(name:"USN", value:"3388-1");
script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : Subversion vulnerabilities (USN-3388-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Joern Schneeweisz discovered that Subversion did not properly handle
host names in 'svn+ssh://' URLs. A remote attacker could use this to
construct a subversion repository that when accessed could run
arbitrary code with the privileges of the user. (CVE-2017-9800)
Daniel Shahaf and James McCoy discovered that Subversion did not
properly verify realms when using Cyrus SASL authentication. A remote
attacker could use this to possibly bypass intended access
restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-2167)
Florian Weimer discovered that Subversion clients did not properly
restrict XML entity expansion when accessing http(s):// URLs. A remote
attacker could use this to cause a denial of service. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8734).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3388-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9800");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby1.8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsvn1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-subversion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:subversion-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'libapache2-svn', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'libsvn-dev', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'libsvn-java', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'libsvn-perl', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'libsvn-ruby1.8', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'libsvn1', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'python-subversion', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'ruby-svn', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'subversion', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '14.04', 'pkgname': 'subversion-tools', 'pkgver': '1.8.8-1ubuntu3.3'},
{'osver': '16.04', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'libapache2-svn', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'libsvn-dev', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'libsvn-java', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'libsvn-perl', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'libsvn-ruby1.8', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'libsvn1', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'python-subversion', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'ruby-svn', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'subversion', 'pkgver': '1.9.3-2ubuntu1.1'},
{'osver': '16.04', 'pkgname': 'subversion-tools', 'pkgver': '1.9.3-2ubuntu1.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libapache2-svn / libsvn-dev / libsvn-java / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | libapache2-mod-svn | p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn |
canonical | ubuntu_linux | libapache2-svn | p-cpe:/a:canonical:ubuntu_linux:libapache2-svn |
canonical | ubuntu_linux | libsvn-dev | p-cpe:/a:canonical:ubuntu_linux:libsvn-dev |
canonical | ubuntu_linux | libsvn-java | p-cpe:/a:canonical:ubuntu_linux:libsvn-java |
canonical | ubuntu_linux | libsvn-perl | p-cpe:/a:canonical:ubuntu_linux:libsvn-perl |
canonical | ubuntu_linux | libsvn-ruby1.8 | p-cpe:/a:canonical:ubuntu_linux:libsvn-ruby1.8 |
canonical | ubuntu_linux | libsvn1 | p-cpe:/a:canonical:ubuntu_linux:libsvn1 |
canonical | ubuntu_linux | python-subversion | p-cpe:/a:canonical:ubuntu_linux:python-subversion |
canonical | ubuntu_linux | ruby-svn | p-cpe:/a:canonical:ubuntu_linux:ruby-svn |
canonical | ubuntu_linux | subversion | p-cpe:/a:canonical:ubuntu_linux:subversion |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.129 Low
EPSS
Percentile
95.5%