Family: Fedora Local Security Checks --> Category: infos
Fedora Core 2 2004-166: subversion Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the subversion package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2004-166 (subversion).
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
A heap overflow vulnerability was discovered in the svn:// protocol
handling library, libsvn_ra_svn. If using the svnserve daemon,
an unauthenticated client may be able to execute arbitrary code as
the user the daemon runs as. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0413.
This issue does not affect the mod_dav_svn module.
Solution : http://www.fedoranews.org/updates/FEDORA-2004-166.shtml
Threat Level: High