Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2011 Greenbone Networks GmbHOPENVAS:840580
HistoryFeb 04, 2011 - 12:00 a.m.

Ubuntu Update for subversion vulnerabilities USN-1053-1

2011-02-0400:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
10

0.007 Low

EPSS

Percentile

79.6%

JSON

Ubuntu Update for Linux kernel vulnerabilities USN-1053-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1053_1.nasl 7964 2017-12-01 07:32:11Z santu $
#
# Ubuntu Update for subversion vulnerabilities USN-1053-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "It was discovered that Subversion incorrectly handled certain 'partial
  access' privileges in rare scenarios. Remote authenticated users could use
  this flaw to obtain sensitive information (revision properties). This issue
  only applied to Ubuntu 6.06 LTS. (CVE-2007-2448)

  It was discovered that the Subversion mod_dav_svn module for Apache did not
  properly handle a named repository as a rule scope. Remote authenticated
  users could use this flaw to bypass intended restrictions. This issue only
  applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315)
  
  It was discovered that the Subversion mod_dav_svn module for Apache
  incorrectly handled the walk function. Remote authenticated users could use
  this flaw to cause the service to crash, leading to a denial of service.
  (CVE-2010-4539)
  
  It was discovered that Subversion incorrectly handled certain memory
  operations. Remote authenticated users could use this flaw to consume large
  quantities of memory and cause the service to crash, leading to a denial of
  service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10.
  (CVE-2010-4644)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1053-1";
tag_affected = "subversion vulnerabilities on Ubuntu 6.06 LTS ,
  Ubuntu 8.04 LTS ,
  Ubuntu 9.10 ,
  Ubuntu 10.04 LTS ,
  Ubuntu 10.10";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1053-1/");
  script_id(840580);
  script_version("$Revision: 7964 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_xref(name: "USN", value: "1053-1");
  script_cve_id("CVE-2007-2448", "CVE-2010-3315", "CVE-2010-4539", "CVE-2010-4644");
  script_name("Ubuntu Update for subversion vulnerabilities USN-1053-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU9.10")
{

  if ((res = isdpkgvuln(pkg:"libsvn-dev", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-perl", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn1", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion-dbg", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libapache2-svn", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-java", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby1.8", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-doc", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion-tools", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby", ver:"1.6.5dfsg-1ubuntu1.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"libapache2-svn", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-core-perl", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-javahl", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby1.8", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn0-dev", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn0", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-doc", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-subversion", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion-tools", ver:"1.3.1-3ubuntu1.3", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"libsvn-dev", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-perl", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn1", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion-dbg", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libapache2-svn", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-java", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby1.8", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-doc", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion-tools", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby", ver:"1.6.6dfsg-2ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"libapache2-svn", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-dev", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-java", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-perl", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby1.8", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn1", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion-dbg", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-doc", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-javahl", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion-tools", ver:"1.4.6dfsg1-2ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.10")
{

  if ((res = isdpkgvuln(pkg:"libsvn-dev", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-perl", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn1", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion-dbg", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python-subversion", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libapache2-svn", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-java", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby1.8", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-doc", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"subversion-tools", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libsvn-ruby", ver:"1.6.12dfsg-1ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

nessus 26
openvas 32
ubuntu 1
oraclelinux 2
redhat 2
securityvulns 6
freebsd 1
debian 4
fedora 5
centos 1
cve 4
veracode 3
prion 4
nvd 4
ubuntucve 4
cvelist 4
altlinux 2
debiancve 4
gentoo 1
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerabilities (USN-1053-1)
2011-02-02 00:00:00
Oracle Linux 6 : subversion (ELSA-2011-0258)
2013-07-12 00:00:00
Scientific Linux Security Update : subversion on SL6.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1053-1)
2011-02-04 00:00:00
Oracle: Security Advisory (ELSA-2011-0258)
2015-10-06 00:00:00
RedHat Update for subversion RHSA-2011:0258-01
2012-06-05 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2011-02-01 00:00:00
oraclelinux
oraclelinux
subversion security update
2011-02-15 00:00:00
subversion security update
2011-02-15 00:00:00
redhat
redhat
(RHSA-2011:0258) Moderate: subversion security update
2011-02-15 00:00:00
(RHSA-2011:0257) Moderate: subversion security update
2011-02-15 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-01-20 00:00:00
[ MDVSA-2011:006 ] subversion
2011-01-20 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-10-13 00:00:00
freebsd
freebsd
subversion -- multiple DoS
2011-01-02 00:00:00
debian
debian
[BSA-017] Security Update for subversion
2011-01-10 15:12:05
BSA-004 Security Update for subversion
2010-10-10 09:45:47
BSA-004 Security Update for subversion
2010-10-10 09:30:09
fedora
fedora
[SECURITY] Fedora 14 Update: subversion-1.6.15-1.fc14
2011-01-18 21:35:07
[SECURITY] Fedora 12 Update: subversion-1.6.13-1.fc12.1
2010-10-28 05:50:49
[SECURITY] Fedora 14 Update: subversion-1.6.13-1.fc14
2010-10-28 06:18:29
centos
centos
mod_dav_svn, subversion security update
2011-04-14 13:37:25
cve
cve
CVE-2010-4644
2011-01-07 19:00:20
CVE-2010-3315
2010-10-04 21:00:04
CVE-2007-2448
2007-06-14 23:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:38
Information Disclosure
2020-04-10 00:53:06
Denial Of Service (DoS)
2020-04-10 00:53:38
prion
prion
Command injection
2011-01-07 19:00:00
Command injection
2010-10-04 21:00:00
Null pointer dereference
2011-01-07 19:00:00
nvd
nvd
CVE-2010-3315
2010-10-04 21:00:04
CVE-2010-4644
2011-01-07 19:00:20
CVE-2007-2448
2007-06-14 23:30:00
ubuntucve
ubuntucve
CVE-2010-3315
2010-10-04 00:00:00
CVE-2010-4644
2011-01-07 00:00:00
CVE-2007-2448
2007-06-14 00:00:00
cvelist
cvelist
CVE-2010-4644
2011-01-07 18:00:00
CVE-2010-3315
2010-10-04 20:00:00
CVE-2007-2448
2007-06-14 23:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package subversion version 1.6.13-alt1
2010-10-19 00:00:00
Security fix for the ALT Linux 5 package subversion version 1.6.13-alt0.M50P.1
2010-11-12 00:00:00
debiancve
debiancve
CVE-2010-3315
2010-10-04 21:00:04
CVE-2010-4644
2011-01-07 19:00:20
CVE-2007-2448
2007-06-14 23:30:00
gentoo
gentoo
Subversion: Multiple vulnerabilities
2013-09-23 00:00:00

0.007 Low

EPSS

Percentile

79.6%

JSON
Related for OPENVAS:840580
nessus26openvas32ubuntu1oraclelinux2redhat2securityvulns6freebsd1debian4fedora5centos1cve4veracode3prion4nvd4ubuntucve4cvelist4altlinux2debiancve4gentoo1