SID 14601
Msg
"DELETED EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow attempt"
Summary
This event is generated when an attempt is made to exploit a known vulnerability in Subversion.
Classtype
attempted-user
Impact
Denial of Service. Information disclosure. Loss of integrity. Complete admin access.
Detailed Information
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
Affected Systems
- Subversion Subversion 1.0
- Subversion Subversion 1.0.1
- Subversion Subversion 1.0.2
Ease Of Attack
Simple.
False Positives
None known.
False Negatives
None known.
Corrective Action
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor-supplied patches.
Contributors
- Sourcefire Vulnerability Research Team
- This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
- For more information see http://nvd.nist.gov/
